WordPress migration notes

I have a production WordPress site on Amazon Lightsail that I need to migrate away from. These are notes on how to migrate over only the stuff I want to keep.

Backstory: Amazon Lightsail was very inexpensive, at under $5 per month for hosting on their smallest machine, and it did fine. Two things became problems, however:

  • Bitnami WordPress is super easy to spin up, and everything just works. But upgrading to a newer version of something (say PHP or MySQL or something) is a non-starter. The only way to upgrade is to spin up a new machine and do a migration to a new machine.
  • Amazon recently did a price increase. Now, I can get a Linode machine with double the RAM for only $2 more, and that will include backups.

Okay, so I need to migrate, but over the years, I’ve tried different plugins, and even though many of them were uninstalled, the installation routine left crap in the database. How to migrate to a new server, but leave behind the crap? This will be the topic of this post.

First, I installed WP-CLI; instructions can be found here.

Then, on the new machine, I installed only those Plugins which I know I need.

I took a snapshot backup at this point, simply because it seems prudent.

On the new machine, I logged in with ssh and ran this:

wp --path='/var/www/html/wordpress' db query "SHOW TABLES" --skip-column-names --allow-root

This gives me a list of the tables in the new machine that I want from the old machine.

+-----------------------+
| wp_commentmeta        |
| wp_comments           |
| wp_links              |
| wp_options            |
| wp_postmeta           |
| wp_posts              |
| wp_term_relationships |
| wp_term_taxonomy      |
| wp_termmeta           |
| wp_terms              |
| wp_usermeta           |
| wp_users              |
+-----------------------+

This is a pretty minimal list; the old machine has a list 362 tables long! Matomo was a particularly egregious offender here.

With this information, I can use a script written by Mike Andreasen over on the WP Bullet website to dump the databases on the old machine:

# set WP-CLI flags
WPFLAGS="--allow-root"

# define path to the database dumps without trailing slash
DBSTORE="/tmp"
# get the name of the database
DBNAME=$(wp config get DB_NAME ${WPFLAGS})

# tables to export; extend with the other table names from the SHOW TABLES list (bash array)
TABLELIST=(wp_posts wp_postmeta)

# dumps can contain wp_users password hashes, so keep new files private
umask 077

# create the temporary directory for storing the dumps
mkdir -p "${DBSTORE}/${DBNAME}"

# loop through tables and export, log details to /tmp/mysqlexport-<database>.txt
for TABLE in "${TABLELIST[@]}"
do
    # export the table
    wp db export "${DBSTORE}/${DBNAME}/${TABLE}.sql" --tables="${TABLE}" ${WPFLAGS} | tee /dev/stderr
done > "/tmp/mysqlexport-${DBNAME}.txt"

With this done, I scp the files from the old machine to my local machine. Then I scp them up to the new machine. The next script assumes they are in the sql directory in the wordpress folder.

I tried it, but I should have taken a snapshot, first. 😉

I need to search-and-replace all instances of the old domain name in the MySQL dump files, and put in the new domain name. Technically, once the actual switch happens, the new machine will be found at the old name, so this shouldn’t be necessary. But, the whole reason for migrating to a development machine is to test out this migration process. And the new machine does have a different domain name.
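As an added example (not part of the original notes or of the WP Bullet script): WordPress stores many option and meta values as PHP-serialized strings with a byte-length prefix, so a text replacement in the dump that changes the domain's length leaves the prefix wrong. The heuristic checker below flags such values; the function names, the dump row and both domain names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Heuristic checker: flags PHP
# serialized strings in a mysqldump file whose s:N: byte-length prefix no
# longer matches the value, which is what a plain-text domain swap causes.

serialized_mismatches() {
    # $1 = path to a .sql dump; prints one line per mismatch, nothing if clean
    LC_ALL=C awk '
    {
        line = $0
        # mysqldump escapes the double quotes, so values look like s:4:\"link\";
        while (match(line, /s:[0-9]+:\\"/)) {
            declared = substr(line, RSTART + 2, RLENGTH - 5) + 0
            rest = substr(line, RSTART + RLENGTH)
            term = index(rest, "\\\";")      # position of the closing \";
            if (term == 0) break
            shown = substr(rest, 1, term - 1)
            value = shown
            gsub(/\\./, "X", value)          # each SQL escape pair is one stored byte
            if (length(value) != declared)
                printf "line %d: declared %d actual %d: %s\n", NR, declared, length(value), shown
            line = substr(rest, term + 3)
        }
    }' "$1"
}

make_sample_dump() {
    # constructed sample row; the domains are placeholders
    cat > "$1" <<'EOF'
INSERT INTO `wp_options` VALUES (1,'widget_text','a:1:{s:4:\"link\";s:23:\"https://old.example.org\";}','yes');
EOF
}

SAMPLE=$(mktemp)
make_sample_dump "$SAMPLE"
echo "before replacement:"; serialized_mismatches "$SAMPLE"
# naive text replacement with a longer domain name
sed 's/old\.example\.org/dev.new-host.example.net/g' "$SAMPLE" > "$SAMPLE.edited"
echo "after replacement:";  serialized_mismatches "$SAMPLE.edited"
rm -f "$SAMPLE" "$SAMPLE.edited"
```

If the checker reports mismatches, one alternative is to import the untouched dumps and run WP-CLI's `wp search-replace` (with `--dry-run` first) on the new machine, since it rewrites serialized values with corrected lengths.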

The script to upload the MySQL dumps looks like this:

# define WordPress path
WPPATH="/var/www/html/wordpress"

# loop through all of the SQL dumps in the sql directory and import each one
for DUMP in "${WPPATH}"/sql/*.sql
do
    wp db import "${DUMP}" --allow-root --path="${WPPATH}"
done

But, until the data is cleaned up, the new WordPress website gets the dreaded white-screen-of-death.

Abandoned OpenSuSE Tumbleweed for Leap 15.6 beta: much better

In a previous post, I said how I made a huge mistake by “upgrading” to a fresh installation of OpenSuSE Tumbleweed, which came with KDE 6 and Wayland. This broke the KDE window tiling, and every interaction I had with KDE reminded me of what a huge mistake I had made. I’ve re-installed a fresh OS install from Leap 15.6 beta, and everything is good, back to the way it was before.

Firefox did bark at me that my profile was newer than previous; I had to start it with firefox --allow-downgrade

Also, I lost all my Firefox multi-account containers I had set. Thankfully, I had a previous containers.json file lying around.

But yes, now, everything is working excellently. Well, I haven’t tried Factorio or YouTube videos yet: but the important stuff is working.

Previously, I’d moved off Leap to Tumbleweed because tesseract-ocr was too old. It looks like in Leap 15.6 beta that it is a pretty new version.

Reddit + Google partnership seems like a bad idea to me

Exclusive: Reddit in AI content licensing deal with Google

The problem is that (if you live in the USA) your and my tax dollars are spent by national security agencies polluting Reddit with content from sock-puppet accounts to promote certain agendas.

This means, that by design, Google will be training its AI on untrustworthy sources.

Nothing about this plan is wise.

I know that Google does plenty of stupid things accidentally, but this seems willfully stupid.

New OpenSuSE install – whoops, that was a mistake (no KDE tiling window manager) – HUGE mistake

OpenSuSE Tumbleweed was acting squirrelly, so I downloaded an ISO and installed the latest OS from scratch. That was a huge mistake. Now, sometimes my machine spontaneously reboots, and other times windows get blocked for keyboard input.

On the good side, getting back to a working production system was never easier: delete the HDMI sound card and sound works again, add the external repos and codecs, and YouTube works again, add tesseract-ocr and The GIMP, and I can do my web work again. Install my Epson printer, and I can print a document for an upcoming event I’m a volunteer for.

On the bad side, that brand-spanking-new install came with Wayland and KDE 6, which is so new that it doesn’t have automatic window tiling. I hate it.

Whining about a problem isn’t the same as proposing a fix, so here’s what I wish I could fix:

When a new window opens (and it is not a dialog box), re-tile everything on that screen so that everything that showed before, still shows, but the new thing too, takes half the screen. I use “focus follows mouse”, so it is infuriating that as I move my mouse toward the newly opened window, the window underneath activates focus and hides the new screen behind it because the window underneath is full screen. I wouldn’t mind so bad if my old keystrokes worked, and I could shove the full-screen to half-screen: but that doesn’t work either. The previous behavior, which is what I want, is that the previous full-screen window would automatically resize to the other half of the screen when a new window opens.

This weekend I went to the Southern California Linux Expo, and had thought someone might be able to guide me to a solution. Nope, the KDE guy was anti-helpful, pointing me to a non-KDE solution. Checking it out, it is not what I want. I just want the old KWin tiling script to work.

Self-will got me a brand-new OS installation that frustrates me. Yay. I should have just lived with the squirrelly behavior until I heard the “all-clear” signal from the OpenSuSE forums.

New Debian install; ssh and sudo changes

Similar to what I wrote in New OpenSuSE Tumbleweed cannot ssh in but this time with Debian. This has to be done from a physical console login on the machine (or if it was a VM, from the hosting company’s console login desktop service). I’m logged in as root.

apt-get install vim

Debian is pretty bare-metal, man. This is probably good from a security and stability point-of-view.

cd /etc/ssh/
Find PermitRootLogin and uncomment it, and change it to yes

Find #PubkeyAuthentication yes and uncomment it.

Find #AuthorizedKeysFile     .ssh/authorized_keys .ssh/authorized_keys2 and uncomment it and remove the second file authorized_keys2

Find PasswordAuthentication no and uncomment it and change it to yes (note that this is temporary!)

Save and exit the sshd_config file. I’m not sure which service(s) would need to be restarted here, so I issue the reboot now command and watch the machine reboot. Today’s hardware is amazingly fast, compared to what we lived with a decade ago.

Now, from my remote machine, I ssh in as root. I get asked about accepting the private key, and get prompted for the password. Once I get in, I know I’m good to proceed to the next step.

ssh-copy-id root@host.domain

I get asked to put in my password again, and now public key logins are enabled, instead of password-based logins.

I log in as root again, but this time without a password. At this point, I do some customizations per How to make Ubuntu have a nice bash shell like OpenSuSE (although this is Debian). One nice thing is that ~/.bashrc already had aliases ready for ll being an alias for ls -l

Something I don’t understand is why I cannot copy / paste from the Debian ssh session. My guess is that it has something to do with LS_OPTIONS in the bashrc file. Anyway….

I still needed to add alias ..='cd ..' though.

I log out.

I log in as a non-root user, with a password.

ssh-copy-id user@host.domain

I log in as the non-root user, without a password. Same thing: I add the customizations I like, where I can edit with vim, from doing a less on a file, the .. alias for changing directory up one, and using PageUp to search history. I log out.

I log in as root again. Now, I need to give my non-root user sudo rights.

adduser whatever-the-non-root-user-is sudo

Back to editing /etc/ssh/sshd_config

Find PermitRootLogin and uncomment it, and change it to no

Find PasswordAuthentication yes and uncomment it and change it to no

And then I save and exit the file and reboot the box.

Now I can ssh as the non-root user, and I cannot log in via ssh as root. Also, no-one can attempt to log in with just a password. This is good.
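A check for the end state of this procedure, as an added example that is not from the original post: sshd keeps the first value it reads for a keyword, so a temporary PasswordAuthentication yes line left above the final no would still win. The function names and the sample config are constructed for illustration; the parser assumes the "Keyword value" form and does not follow Include lines.

```shell
#!/bin/sh
# Added example (not from the original post): audit a sshd_config for the end
# state of the procedure. sshd keeps the FIRST value it reads for a keyword,
# so a stale earlier line silently wins over the one edited further down.

sshd_value() {
    # $1 = config file, $2 = keyword, $3 = OpenSSH default when unset
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }                       # comment line
        tolower($1) == "match" { exit }           # global section ends here
        tolower($1) == tolower(key) && !found { val = tolower($2); found = 1 }
        END { print (found ? val : def) }
    ' "$1"
}

audit_sshd() {
    # prints one finding per line; returns 1 if anything deviates
    cfg=$1
    bad=0
    check() {  # keyword, default, wanted
        got=$(sshd_value "$cfg" "$1" "$2")
        if [ "$got" = "$3" ]; then
            echo "ok   $1 $got"
        else
            echo "FAIL $1 $got (want $3)"
            bad=1
        fi
    }
    check PermitRootLogin prohibit-password no
    check PasswordAuthentication yes no
    check PubkeyAuthentication yes yes
    return "$bad"
}

make_sample_config() {
    # constructed sample: the temporary "yes" line was left in place above the fix
    cat > "$1" <<'EOF'
# constructed sample, not a real host
PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication yes
# ... later in the file ...
PasswordAuthentication no
EOF
}

CFG=$(mktemp)
make_sample_config "$CFG"
audit_sshd "$CFG" || echo "sshd_config does not match the intended end state"
rm -f "$CFG"
```

On the host itself, `sshd -t` checks the file for syntax errors and `sshd -T` prints the effective settings, including anything pulled in through Include.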

I read your email

… is a bumper sticker a friend of mine gave me about two decades ago. I never did put it on my car because it would (rightly) freak people out. I did hang it up in my cubicle because … if you work for my employer, I may indeed read your email. You see, I’m the e-discovery guy.

Now really, I’m not going to read your email unless there is some lawsuit or public records act request that indicates your email should be included in the discovery. Even then, I’m not going to read any more than I have to, to verify that the e-discovery query I’ve created is operating properly.

Actually reading your email is a paralegal’s job, after I hand over the evidence, er, everything that matches the search query. Whether it qualifies as evidence needs to be determined by someone with legal training: not me!

I should probably mention that this is within a large organization’s email system, and all employees get training during the on-boarding process that email in our system is the property of the organization: there is no right to privacy here. We are a public sector organization, so anyone can file a public records act request for anything in our email system. Don’t do personal stuff in the corporate email!

There are two of us on the email discovery team. Lately, we’ve been working on the email retention project. We’re going to purge email older than each department’s retention period. It is crucial that we don’t purge items that need to be kept. So these last few days, I’ve been calling up people’s old email, and checking that the addresses of senders and recipients match the labels on the email. There’s about five million email to check; we will not be able to check every one. We’re spot checking.

But, in spot-checking, I really am making the bumper sticker come true. It’s generally tedious, too. If there’s an email address I don’t recognize, there might be a clue in the email thread as to which departments this email is between. So I may have to actually read the email, instead of simply scanning the addresses and labels.

This was a long-winded way of saying that a co-worker of mine sent himself an email in 2008 with a link to a web page article. What the heck: I’ll click that link.

Kudos to you techtarget.com – your link still works, fifteen years later. Impressive.

Temporary fix for Nextcloud calendar broken sync

Nextcloud has a nice home page called the Dashboard, which has calendar items and to-do list on it. But ever since Calendar App version 4.5, it has been broken for items sourced outside of Nextcloud. In other words, if you create a calendar item on your smartphone and sync it in to Nextcloud, on the Calendar web page you can see the item, but on the Dashboard home page it will be missing. The solution is to downgrade the Calendar app to version 4.4.5

Steps to perform:

  1. In the Nextcloud admin interface, find the Calendar app and disable it
  2. ssh into your Nextcloud instance
  3. cd /var/www/html/nextcloud/apps/
  4. mv calendar calendar-old
  5. wget -q https://github.com/nextcloud-releases/calendar/releases/download/v4.4.5/calendar-v4.4.5.tar.gz
  6. tar xvf calendar-v4.4.5.tar.gz
  7. chown -R user:group calendar
  8. In the Nextcloud admin interface, select the Disabled apps section. Then Enable (but not update) the Calendar 4.4.5 app.

And now, when you go back to your Dashboard home page, your calendar will have all the items on it. 🙂

You do get to apply this fix after every update. 🙁

Technically, this post title is somewhat misleading: sync is not broken. What is broken is that items that sync in from CalDAV sources apparently have something that, when it is present, causes the Dashboard page to skip those calendar items. It just looks like sync is broken because you knew the items were on your calendar: but when you look at the Dashboard for today, they are missing. I suppose a better title would be Temporary fix for Nextcloud calendar (some) items missing from Dashboard

Papa Murphy’s website no longer works after Google block

I mentioned here how I added a filter to my browsing to block those annoying Google login pop-ups. I had successfully ordered take-and-bake pizza from Papa Murphy’s before implementing this filter. Today, I can no longer order pizza from them.

Even though I had previously placed an order, and can call up that order from my rewards profile, attempting to actually order anything takes me to a Google Maps page to identify where to pick up from. That page never finishes because of the new filter. Every attempt at adding something to my shopping cart fails because the operation cannot get past the check-in-with-google part.

Well, if I have to choose between keeping the filter in place versus ordering take-and-bake pizza, I’m keeping the filter in place. Which is a shame, because the previous pizza order turned out really well, and was reasonably priced.

Home alarm clock: no progress

Today was pretty depressing. I want my morning alarm clock to be some sort of automation that plays three MP3 files I own on the sound equipment in my bedroom. I spent a lot of time today and do not have a solution.

When I bought the soundbar from Costco, I didn’t know to shop for something Home Assistant compatible. Although, even if I did know that, I think I’d still be stuck because I would feel like an absolute fool to pay $1,000 for a Sonos Soundbar. Sonos is the only vendor of soundbars that plays really nice with Home Assistant.

Apparently, way back when, some LG Soundbars had Ethernet ports on them, and they played nice with Home Assistant. Those aren’t available anymore; with everything having switched over to Bluetooth.

My current solution is an iPad using Bluetooth to light up the soundbar I hooked up to my TV. It works, often. But it doesn’t work 100%, which is a problem for the functionality of an alarm clock.

Also, there is no volume control: whatever the TV left the volume at, the music will play at that volume the next morning. This is sometimes a problem if the movie the night before was really loud, and I needed to turn down the volume to not blast out the neighbors or the speakers. I want automation to make my life less manual control, instead of “Oh! I changed the volume on the TV! I need to reset to xx for tomorrow morning!” just before I fall asleep. That’s the opposite of starting a nice night’s sleep.

My brother gave me a Mini PC running Windows 11 for Christmas. I was hoping that today I could set it up to use the soundbar as a Bluetooth speaker. Well, yes, when connected to a monitor and keyboard and mouse, I did get an MP3 file to play via Bluetooth on the soundbar.

So close.

But what about when the Mini PC is running headless? Nope. Could not get that to work. It is Microsoft Windows, after all. I’ve been using Microsoft products for 30 years, and they just are not good at automating anything. I suspect they think that automation is a Bad Thing, and should only be wielded by wizards instead of mere mortals.

So here I am at the end of a wasted day, without a better solution for my home automation alarm clock that mostly works. It is depressing.

How to block those annoying Google pop-ups to log in to the site with a Google account

Writing this down here, because although I have synchronization turned on in Firefox, I have a couple of new machines, and the setting isn’t syncing over:

uBlock Origin > Dashboard (it is the gear wheels icons) > My Filters > add the following:

https://accounts.google.com/gsi/*

With this in the filters list, Firefox won’t pop up that annoying login box.

I don’t know whether this enhances privacy or not.

Without the filter, the website you are visiting has some content on it which tells your browser that the browser should ~~rat you out to Google~~ fetch this login form from Google.

You should feel uncomfortable when that login prompt box shows up on the porn site you are visiting, by the way. Also if you are a Tea Party member or a Black Lives Matter member.

So, without the filter, your browser is definitely reaching out to a Google server and interacting with it, supplying IP address and whatever else Google asks for. Google is also then supplying this login prompt code to run in your browser.

With the filter, I don’t know.

The website page has code (which will be shipped to your browser) telling your browser that it should request this login form from Google.

I don’t know if the filter strips out the request for the login form, or brings down the login form and immediately returns “no information for accounts.google.com is available”.

If the former, it might protect some privacy. I don’t know if uBlock Origin stops the login form from being loaded from Google. If so, probably Google didn’t get notified that you visited that website.

If the latter, then Google shipped the code to your browser. But before it could ship that code to your browser, your browser had to hand over your IP address as the destination to ship to. And as long as they are preparing the login script code to ship to you, they need a little more information…. (user agent, screen size, is JavaScript enabled, who’s your daddy, and any other fingerprinting data they can get).

If I were DHS (who is paying Google with your tax dollars to rat you out to DHS), I’d have Google supply the login form code from a different host and domain than accounts.google.com. This filter could still remove all code that points the browser to accounts.google.com, but it is the initial download of the login page pop-up form that lets Google record that you visited website foo at a particular date and time and from where.