• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Aaron Weiss

  • Home
  • Blog
  • About
  • Contact

wordpress

Learning Graylog for Fun and Profit

September 30, 2020 by Aaron Weiss

Since I’ve been increasing my knowledge running my own VPS and VM servers on my FreeNAS/TrueNAS machine, I’ve learned the importance of logs.

Whether it’s a website, application, or operating system, most likely, they are producing various forms of logs. These logs hold the clues to generic operations and errors that can help you understand how well or poorly the application is working.

The problem is that these logs are constantly being generated and are not the most human-friendly. Operating systems alone generate tens of thousands of lines of logs. Keeping up with these logs is difficult. That’s where logging software comes in.

Of course, no conversation about logs cannot begin without mentioning Ren and Stimpy:

How I Got Into Logging

At work, we use software called Splunk. At first, I could barely get a sense of what to do. This was because I didn’t understand our company’s infrastructure, and I was only given a query to execute to complete my specific task.

Later on, I got the idea of using this software for another project. After reaching out to areas who dropped this application into my lap for help, I got no replies and I was at a standstill. It didn’t stop my motivation to learn how to approach my goal because I found lots of potential in having this information.

Splunk is available for free, but has some limitations:

  • Alerting (monitoring) is not available.
  • There are no users or roles. This means:

    • There is no login. You are passed straight into Splunk Web as an administrator-level user.
    • The command line or browser can access and control all aspects of Splunk Free with no user and password prompt.
    • There is only the admin role, and it is not configurable. You cannot add roles or create user accounts.
    • Restrictions on search, such as user quotas, maximum per-search time ranges, and search filters are not supported.
  • Distributed search configurations including search head clustering are not available.
  • Deployment management capabilities are not available.
  • Indexer clustering is not available.
  • Forwarding in TCP/HTTP formats is not available. This means you can forward data from a Free license instance to other Splunk platform instances, but not to non-Splunk software.
  • Report acceleration summaries are not available.
  • The Free license gives very limited access to Splunk Enterprise features.
  • The Free license is for a standalone, single-instance use only installation.
  • The Free license does not expire.
  • The Free license allows you to index 500 MB per day. If you exceed that you will receive a license violation warning.
  • The Free license will prevent searching if there are a number of license violation warnings.

The majority of these limitations aren’t terrible. However, the first bullet item is where I have an issues: “Alerting (monitoring) is not available.” To have emails be sent to you if a event matches a rule that you create is one of the reasons why logging software is so powerful.

Therefore, I found Graylog as a possible solution. It allows for a similar interface as Splunk, notifications, and is extensible through plugins and content packs. Best part: It’s Open Source.

There are many available open source logging platforms, but Graylog was the first that i tried, and appeared to work well for me. The installation process is quite extensive. You will need to have reasonable familiarity with the command line, and I found you’ll need to have a minimum of 4GB of RAM to have a decent performance.

I installed Graylog initially in January 2020 using both the Documentation and a decent YouTube Tutorial which provided more instruction. It required me to install Java, MongoDB, ElasticSearch, and then Graylog. This stack is the backbone of Graylog, and is the reason why you need at least 4 GB of RAM. I first installed this on a VM in my TrueNAS/FreeNAS machine.

Having Graylog installed isn’t enough, you need to send logs to Graylog. Every system and application produces logs in different ways, and there are various ways to sent logs to Graylog. That is where I got the most hung up on working on this project.

Created a UDP Syslog format

The installation instructions from above help ingest rsyslogs to Graylog. Rsyslogs are a common logging format for Linux systems. I found configuring rsyslogs to send to Graylog on Linux rather simple and easy to understand the more I did it for my VMs and RPis.

Apache logs

What really took me some time was figuring out how to send logs from Apache servers. After lots of digging, I found some two older blog posts (here and here) about how others had did it years prior, and I finally figured out how to do it myself.

After some time, I was able to put together the following:

LogFormat "{ \"version\": \"1.1\", \"host\": \"%V\", \"short_message\": \"%r\", \"timestamp\": %{%s}t, \"level\": 6, \"user_agent\": \"%{User-Agent}i\", \"source_ip\": \"%a\", \"duration_usec\": %D, \"duration_sec\": %T, \"request_size_byte\": %O, \"http_status_orig\": %s, \"http_status\": %>s, \"http_request_path\": \"%U\", \"http_request\": \"%U%q\", \"http_method\": \"%m\", \"http_referrer\": \"%{Referer}i\", \"from_apache\": \"true\" }" apache_prod_greylog
CustomLog ${APACHE_LOG_DIR}/prod_ssl_apache_gelf.log apache_prod_greylog
CustomLog "| /bin/nc -u 192.99.167.196 1514" apache_prod_greylog

The first line creates a custom LogFormat.

The second line outputs that format to a new log file in the Apache log directory.

The final line pipes the format to a netcat command that sends the data to an IP address at a specific port. Note: IP Address is no live

Apache logs aren’t created unless there is traffic sent to the web server. After visiting the site on the same server that Graylog is on, it didn’t take long to see the data ingested in Graylog. This gave me the idea to continuously add more information to the Apache logs to suit my needs. I used the official Apache Log format documentation and some Loggly information in order to adjust the log formats to my liking.

Sending Remote Logs to Graylog on the Same Network

Now that I have both Linux system logs and Apache logs working, I replicated these steps on all my VMs, and Graylog was now obtaining logs from several VMs and two Raspberry Pis.

Sending Remote Logs to Locally Hosted Graylog

Once I had my own proof-of-concept Graylog instance running within my local network, I felt comfortable wanting to have the logs generated from this very site and server hosted at Digital Ocean sent to Graylog. This would require me to open my local network to the internet to reach my VM that housed Graylog.

This was another headache.

There’s lots of information on how to do this. Essentially, you would port forward traffic to your IP address provided by your ISP. That seems simple with most routers. However, my ISP provides Dynamic IP addresses that updates once-in-a-while. That’s a simple workaround with Dynamic DNS, where software check frequently to see if your IP address to the your ISP changes, if it does, it updates the software.

Well, that’s where I really got stuck. It turns out that that my internet is behind what is called a Carrier Grade NAT or CGNAT. There are a finite amount of IP address throughout the world, and the availability of these IP addresses is shrinking. To accommodate the amount of IP address an ISP may have, they may place certain neighborhoods behind a CGNAT.

The concept is similar to having a router in your home. A router creates a network for all the machines on that network that includes an IP address and creates new IP addresses for each machine that connects to the router. A CGNAT does the same thing for certain neighborhoods. Therefore, my home internet was assigned an IP address within the neighborhood network, and the neighborhood network that I’m a part of has an single IP address that broadcasts to the rest of the world. This means that port forwarding and dynamic DNS was not available.

This is where I recognized that I had hit another wall. I did find another option called ngrok, but it too was didn’t work the way I would like. After looking my known options, I chose to pack up my Graylog project for the time being.

Learning Splunk and New Motivation

I finally got mentorship with Splunk and after playing with it more, I was able to approach my goal at work and saw more possibilities with logging that reignited my interest with Graylog.

Since I was now a full year into managing a VPS for aaronweiss.me, I felt it might be an excellent opportunity to launch another VPS with the sole goal of logging. However, I knew I needed more RAM than my current little $5 droplet at Digital Ocean. To have a droplet with a minimum of 4 GB of RAM would be $20 per month. I felt that was too steep for a little project like this, which led me on a journey to find a VPS that had the resources I needed at a reasonable price.

Looking for low-priced VPS with that amount of RAM is not difficult, but there are companies you need to vet as they could be fly-by-night operations. I had located Hetzner and OVH first.

Hetzner has extremely low-cost VPSs available. A Single Core 4 GB VPS would be 5.68 euros which was roughly $6.73 per month based on the currency rate at the time of publication. Hetzner’s servers are located in Germany and Finland. Given that I’m solely concerned about logs, I didn’t need low latency, and this would have been okay.

I had also found OVH, which is a French company with servers located world-wide. I found they had a server Quebec for $10.58 with 2 vCPU and 4GB of RAM. I chose to start off with this company. After about a day of setting things up, I was able to ingest logs from my own website, VMs, and my Raspberry Pis and it was working very well.

But I wanted to reduce that cost even more. I finally found VPSDime which offers a $7 VPS with 6 GB of RAM and 4vCPUs. These resources at that price was suspicious to me, but after due diligence, the amount strong service and support reviews, I thought I’d try it out. The extra resources make a huge difference in speed. When I would restart Graylog or any portion of the stack on my VMs, it could take about 5 minutes to load. OVH took about 4 minutes to load. VPS Dime takes about a minute or less.

Support was great when I had an issue. Surprisingly, it wasn’t my issue or theirs. It was the lovely CenturyLink outage that occurred on August 30th, 2020.

Admittedly, OVH nor VPSDime’s interfaces were not nearly as intuitive as Digital Ocean, but I was able to navigate through VPS Dime just fine.

Monitoring and Events: My Use Case for Graylog

As I stated earlier, one of my primary goals of creating this logging infrastructure was to be able to have notifications sent when certain conditions trigger.

For time to time, I was getting an “Error Establishing a Database Connection” from WordPress on this website. Since I don’t go to my own website often, this error and downtime can occur for days. Unsure of when and what caused this, I had a difficult time finding the MySQL error log to see what cause the error. Luckily, restarting MySQL quickly restarted MySQL which brought the website backup in less than 10 seconds.

Among the reasons for this error are:

  • Incorrect database credentials
  • Corrupted database
  • Corrupted files
  • Issues with the database

Once I got Graylog up and running, I created an alert for the website any time a 500 error occurred that would email me. Finally, in late September, I received several dozen emails from the previous 8 hours while I was sleeping from Graylog stating that there was a 500 error. Lo and behold, my website was down with the “Error Establishing a Database Connection” notification from WordPress.

After I restarted MySQL, I found the first time this error occurred in Graylog, then found the MySQL log file and time it occurred. The error stated:

2020-09-26T06:02:14.370246Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).

A quick search pointed me to a Stack Overflow question and answer showing how to enable explicit_defaults_for_timestamp in MySQL. So now, it’s just waiting if this Database Connection occurs again. When it does, I’ll have the tools to search, discover, and investigate again.

Update: The issue wasn’t just the explicit_defaults_for_timestamp, it was also because my system needed a swap file. Despite the warnings that swap files can contribute to faster SSD degredation, I followed this Digital Ocean tutorial for Ubuntu Server 18.04 for create a swap file. Since then, there have been no MySQL failures.

The Future

Logging has been fun and I have a better understanding of how I can monitor the logs that each of my servers and websites produce. I still need to figure out how to get PHP and MySQL logs sent to Graylog, but I’m sure I’ll overcome that obstacle in due time.

Logging provides a smoking gun to why something has occurred, it may not provide the best understanding of what is running or other stats. That is where Nagios and Grafana come in to provide status monitoring and statistics and graphing.

Additionally, as I discovered in this journey, I’d prefer to run this Graylog instance on a Virtual Machine at my home, rather than spend another $7 per month for a VPS. I’ve looked into the use of a remote VPN server that will circumnavigate the CGNAT for a direct connection to the VM. That will ultimately provide more features than just allowing my remote VPS hosting aaronweiss.me to point to my VM. I could also allow this VPN to connect to other portions of my network such as accessing my Plex installation or using the same VPS server to run PiHole to block ads. a VPN server doesn’t need the same resources as Graylog, and could cost less and even us Digital Ocean if I wish.

Filed Under: Website Administration Tagged With: elasticsearch, graylog, logging, truenas, wordpress

How FreeNAS and WP-CLI Grew My Interest in Linux and Automation

April 6, 2020 by Aaron Weiss

Last year, I built a FreeNAS server. Initially, it was only meant as a means to store my computer backups and house my music and videos.

However, to do it right, meant I needed to perform commands in the shell, mostly to test the hard drives before I began to store files on them. I found an excellent resource, but I didn’t know what any of commands meant. I executed them and waited until they were done.

The same was for Bash scripts to automate system configuration backups, reports, and notifications.

It was when I stumbled across a some YouTube videos on how to run an Ubuntu Server to host your own websites did I finally test the Virtual Machine waters FreeNAS offered. I installed  Ubuntu 18.04 Server LTS on a VM, and learned a little at a time. The idea that I could learn a new operating system without buying another computer floored me.

Setting Goals

With VMs, CLI, and some basic web server understanding under my belt, I was ready to take a leap and move aaronweiss.me to a Digital Ocean server, but with the following goals:

  1. Separate WordPress Environments:
    • Development (DEV): Any new plugins, theme enhancements, or other changes that would affect the WordPress installation or how the software worked would be developed and tested on WordPress installation.  Plugin, theme, and core updates would also be completed and tested on this server.
    • Quality Assurance (QA): This environment was meant to test any changes made in the DEV environment as if it were a functional website. No changes would be made to this environment except common WordPress functions such as adding and managing posts and pages.
    • Production (PROD): This would the live website visible to the public. Like QA, major changes would not be made on this environment.
  2. Automated Deployment Scripts: Deploy changes from DEV to QA and then QA to PROD
  3. Maintenance Scripts: Create a script to check for security vulnerabilities, cleanup temporary files, backup site, optimize database, and compress images on all three environments.

The above goals meant I could successfully, host, develop, and maintain my website using a secure approach with lots of ways to quickly get up to speed if something were to happen.

Additional Achievements Unlocked

Once I achieved these goals, I was hooked on what else I could do. My next set of goals were:

  • Create an automated Digital Ocean snapshot script. Digital Ocean has a backup options, but only does so once per week. That didn’t fly with me, so I wrote DOCTL Remote Snapshots as a way to have some control of how often and how many snapshots would be created.
  • Learn GIT – I’ve had some Git knowledge through Microsoft Team Foundation Server at work. However, it was time to really learn Git. I combined this with my DOCTL Remote Snapshot script and now have a published repository.

Next Up:

  • Create a website monitoring script. I don’t need server up time, I need to know website up time. I want to know that my website can fully load and perform its basic tasks throughout the day.
  • Build a Raspberry Pi and install:
    • PiHole. PiHole is an free, open source ad blocker.
    • NUT (Network UPS Tool). The goal of this is a script to monitor two computers from Raspberry Pi and shut them down gracefully using one Uninterruptible Power Supply. I currently have two UPSs, one for my primary computer and one for my FreeNAS. The primary one can handle up to 850 watts which is enough to cover all my devices, but only has one UPS port to monitor the primary device. Ideally, NUT will allow monitoring over Ethernet and can handle the shutdown of both machines.
    • Additionally, these two programs also feed my yearning to want to build and learn Raspberry Pi.

These are some short-term goals that I think are obtainable for the future.

Filed Under: Website Administration Tagged With: Digital Ocean, DOCTL, linux, ubuntu, virtual machine, wordpress

Plugin Update Failed: How To Fix WordPress Plugin and Theme Permission Errors

December 6, 2019 by Aaron Weiss

Recently, when attempting to update some plugins and themes on my WordPress installation, I can across two errors:

Failure Updating Plugins

An error occurred while updating <plugin name>

WordPress plugin update failure: Update Failed: The update cannot be installed because we will be unable to copy some files. This is usually due to inconsistent file permissions.
Example of a plugin update failure. Click to see an enlarged version.

And…

Failure Deleting Plugins

Plugin could not be deleted due to an error: Could not fully remove the plugin(s) my-plugin/my-plugin.php

Could not fully remove the plugin.
Example of a plugin deletion failure. Click to see an enlarged version.

The root of the problem is that same: permissions. I’ve found two ways to correct this if your WordPress website is hosted on a Linux server and you have shell access.

This error and solution is the same for WordPress themes too.

  1. Update the plugins or themes using WP-CLI
  2. Run a Linux command

Update Plugins or Themes with WP-CLI:

WP-CLI is a command line interface for Linux that allows you to complete WordPress tasks and functions using the Linux command line. This can be faster than completing the same many functions tasks within the WordPress Dashboard.

Built into WP-CLI is the ability to update plugins, themes, and even the core WordPress installation from the command line. This circumvents the problem because there are no interfaces with a browser, and therefore no need for the actual web server (usually Apache) getting involved.

  1. Install WP-CLI or use a host that has it installed by default like a2 Hosting.
  2. Run wp plugin update or wp theme update.

However, this is not a permanent solution. But learning the WP-CLI and creating scripts can increase the speed of completing WordPress functions.

Run a Linux Command

This is the best option because we’re actually fixing the problem.

sudo chown -R www-data /path/to/plugin

Replace “/path/to/plugin” which is usually something along the lines of /var/www/html/wp-content/plugins/ewww-image-optimizer, which was an example of the problem I faced.

This will give ownership of the directory back to Apache so that when you update the plugin again through WordPress’s update features, it should work permanently.

Conclusion

These are two great ways in which to correct the ownership issues with WordPress plugin and theme updates. While option 2 is clearly the permanent solution, updating using an automated script found in option 2 might be more helpful if you want to save time maintaining your WordPress website.

Filed Under: WordPress Tagged With: cli, command line interface, linux, linux shell, wordpress, wordpress errors, wp-cli

How My WordPress Website Got Hacked and How I Recovered

November 26, 2019 by Aaron Weiss

My WordPress website was hacked, and it was super embarrassing.

Just when my recent blog post about why you shouldn’t download nulled versions of BackupBuddy was starting to rank well for various keywords and gaining some decent traffic, my site began to redirect to another website. I couldn’t log into my website at all. I wasn’t able to find much information about this particular hack to fix it especially since I couldn’t gain access to my site.

However, I still had access to my server, and because I had an awesome disaster and recovery plan I was able to return my website back to a running instance quickly.

Why did my Website get Hacked?

I have not figured out what exactly happened. It could have been a bad plugin, which is making me reconsider what plugins are really necessary. I’ve always felt that the plugins that I’ve chosen were solid, but time to weed out plugins whose features can be moved to a functions.php file or other implementation.

I had also moved to Austin, TX, and not updated my site as I normally had done. I’d say this was my biggest mistake. I should have found time to maintain my website. I knew this in the back of my mind, and I didn’t commit to it.

How I Recovered My Site

Typically, I wold have ran a BackupBuddy recovery using importbuddy.php. However, since my website and dashboard was redirecting to another website, I was unable to access my site from a browser. Therefore, that was out of the picture.

Since I still had access to my server, I was able to utilize Digital Ocean’s backups and recover my site from a version that was less than one week old. Given that I didn’t have any new publishes or changes made to the website, this was fine and worked.

What are the Plans for the Future?

Essentially, better maintenance and updating of the website and platform on a more regular and automated basis.

I’ve previously created Bash scripts that check the site’s core installation, theme, and plugins for any known CVE vulnerabilities, created a full site backup, then optimizes the database, and notifies my by email was updates are available. However, the CVE vulnerability check stopped working. Since I was busy moving, I never had a chance to see this gap. However, this has been corrected as of late.

I don’t believe in automatic updates as any update can cause problems and I like to test updates, especially core and theme updates, very carefully before I commit. So my future automation will take that into consideration.

How Do I Feel About This Now?

I’m okay about it. It’s embarrassing, but I’ve also realized that it’s okay. It happens. I had a plan to recover and executed it perfectly. This happens with WordPress websites, and it gives me a chance to recognize the gaps in my WordPress maintenance and re-commit to what’s necessary for my website.

The absolute worst thing about this is that I lost lots of momentum with some SEO traffic for my BackupBuddy article, but that’s the name of the game. I believe if I continue to work on creating a great website, I don’t have much to work about long-term and my rankings will return.

Filed Under: Website Administration, WordPress Tagged With: backups, hacked, wordpress, wordpress maintenance

How to Add Google Analytics to WordPress

July 18, 2019 by Aaron Weiss

Adding Google Analytics to WordPress can be as easy as installing and configuring a plugin, as efficient as customizing a theme, or as performance and scalable option using Google Tag Manager.WordPress continues to be one of the most recognized content management systems for website owners thanks to it’s easy-to-use publishing features, extensibility, and low-entry costs. Now that you have a WordPress website running, it’s time to know:

  • How visitors are accessing your website
  • Where are they are located
  • Who they may be, and their interests
  • What they are viewing
  • Why they might be visiting your website
  • As well as many other metrics and data that can help you learn about your website’s traffic

It doesn’t matter why you’re using WordPress, the next step is to know how well your traffic is working for you and how to create narratives to make it work better. Google Analytic has becoming the industry standard for website analytics thanks to it’s entry-level features, broad data aquisition, and simple user experience.

Table of Contents

  • What is Google Analytics?
  • Create and Setup your Google Analytics Account
    • Create a Google Account
    • Create a Google Analytics Account
  • Installing Google Analytics on WordPress
    • Installing Google Analytics with a WordPress Plugin
    • Installing Google Analytics without a WordPress Plugin
    • Installing Google Analytics with Google Tag Manager and WordPress
  • Create a Privacy Policy
  • Testing Google Analytics and Google Tag Manager
  • Conclusion

There are many choices on how to add this popular and robust website analytics platform to your WordPress website, and the option you choose is dependent on your skill level, time, and interest in performance.

This article will provide insight on what Google Analytics is, the options to install it on your WordPress website, and how to let your visitors know how Google Analytics is capturing their information for transparency.

This article will not discuss:

  • eCommerce tracking
  • Understanding Google Analytics metrics
  • Full Google Analytics account optimization
  • Other Google Product Integration

These areas will be written at a different time, or are already discussed in other articles on this website.

What is Google Analytics?

Google Analytics is the most widely-used website analytics tool for websites, not just for WordPress. The platform can track website sessions, duration, page visits, and various other metrics. Individually, these metrics can provide some understanding of what’s going on, but other metrics and reporting can be combined to create narratives that help you understand what is really occurring on your website.

The most popular aspect of Google Analytics is that it is free. Yep. Doesn’t cost you a penny. There is a paid version, but for 99% of users, the free version has all the features you’ll ever need, and even features you’ll never use.

The robust features and reporting of Google Analytics can get you lost in the weeds when you see how much the service can accumulate and display data.

Google Analytics also has what is called an application programming interface (API). For day-to-day business owners and website administrators, an API isn’t necessary to understand or use Google Analytics. However, programmers can use Google Analytics’s API to connect to other services, and you may find yourself being introduced to another service or program that allows you to connect your Google Analytics account, properties, and views to combine these services with third-party applications.

Where did Google Analytics Come From?

I believe context is important. Google Analytics was purchased by Google in 2005 from a company called Urchin. Google has expanded their platform since then and it continues to be a free service that has conquered the analytics world.

Create and Setup your Google Analytics Account

1. Create a Google Account

The first this to do is to create a Google Account if you do not have one. Gmail is a popular service from Google and is among the most popular ways to use Google’s vast array of products and services. This would count as a Google account. However, you are not required to have a Gmail account or email address. If you have an email address that you’d prefer to use with Google’s products and services, that’s fine too.

Go to https://accounts.google.com/signup and either create your free Gmail account or use the email address you prefer. If you need help, check out this video:

Creating a Google Account Video

Note: There is no sound.

2. Create a Google Analytics Account

Once you’ve created a Google Account, now you’ll need to create a Google Analytics account. Go to https://analytics.google.com/analytics/web/ when logged in with your Google Account, and complete the steps. Here’s a video showing how it’s done:

Creating a Google Analyitcs Account Video

Note: There is no sound.

Account & Property Setup

You’ll be asked to enter the following:

  • Account Name: This can be generally anything you want.
  • Website Name: This will be the name of the first property in your Account. Typically, adding the domain name or website URL is the best option for single websites or first-time users.
  • Website URL: This will be your website’s URL. Be sure to select between https and http, and then enter your website’s URL. If your website doesn’t use www, do not add it.
  • Industry Category: Select the category that best resembles your website. This helps with benchmarking.
  • Reporting Time Zone: What time zone are you in?
  • Data Sharing: These are options to share your Google Analytics data within Google’s broader services. Typically, selecting “Google products & services” and “Benchmarking” is just fine.
  • Click on “Get Tracking ID”.

Agree to Terms of Service

You’ll then be taken to a few Terms of Agreement Pages. It is recommended to read and understand these agreements to understand what information Google tracks.

Tracking ID

You’ll then be taken to the Tracking Code page of your Google Analytics account. You’ll always have an opportunity to re-visit this page. You’ll be given a Universal Analytics ID (UA) that starts with UA-. You’ll also see some HTML code that needs to be added ideally between the <head></head> HTML code on every page of your website that you want to track. Don’t worry, we’ll get to adding this later.

Brief Overview of your Google Analytics Account

Creating an account will automatically create an Account, Property, and an All Web Site Data View. Here are the differences between an Account, Property, and View:

  • Accounts have high-level management of settings, users, filters, and can view change history.
  • Property(ies) allow you to house multiple websites under the account. Each website is considered a property. Under a website’s property, there are options to adjust broader aspects of the analytics code for the website. Consider your website a property.
  • Views allow you to adjust how your property captures data. In most cases, you’ll want to have a few different views. This will allow you to filter out various IP addresses, hostnames, and other traffic, manage your content and channel settings, among other options that help you report, manage, and display data.

Creating a new View

As stated above, your first and only view when you start a Google Analytics account is the All Web Site Data view.In this instance, we’re going to create one extra view. We’ll call this “Filtered” and we’ll filter out our current IP Address. This way, we will not collect information when we visit or our website.

More on Filters

Filters allow you filter out various types of traffic. In the following steps, we only be filtering your personal IP address. You can exclude traffic from internet service providers, subdirectories, or even specific hostnames. This will be handy later on if you use other services that crawl or access your website.

Create a new View.

Create a New View
Click here to enlarge

Use these settings to start:

  • Reporting View Name: Filtered
  • Reporting Time Zone: Choose your time zone
  • Click “Create View.”
New View Settings
Click here to enlarge

Adjust the View settings to ensure we’re filtering out known bots.

  • Bot Filtering: Enabled
  • Save.
Additional View Settings
Click here to enlarge

Before we setup our first filter, we need to know what our IP address is. Go to Google and type in “What’s my IP address”

What's My IP Address
Click here to enlarge

Come back to Google Analytics, and select Filters, then click on “Add Filter.”

Adding a Filter to a View
Click here to enlarge

Now you will enter the following:

  • Select “Create new Filter.”
  • Filter Name: IP Address
  • Filter Type: Predefined
    • Exclude
    • traffic from the IP addresses
    • that are equal to
  • Enter your IP address that you found on Google from one of the previous steps.
Add Filter to View
Click here to enlarge

Now, you’ll be able to browse your own WordPress website without Google Analytics capturing your visits as traffic.
We’ll come back to optimizing your Google Analytics account, properties, and views later in another article.

Installing Google Analytics on WordPress

There are many ways to install Google Analytics on your WordPress website. With so many options, there are various pros and cons. We’ll show three ways to add Google Analytics to your website; with a plugin, within your WordPress theme, and with Google Tag Manager, which can also be added within a plugin or theme.

Installing Google Analytics with a WordPress Plugin

There are no shortages for Google Analytics WordPress plugins available, and the competition is tight. Plugins are perfect for entry-level users who just need the basic setups. Below are a few of the most popular Google Analytics plugins for WordPress.As the comparison table shows above, among the pros of using a plugin is that they are east to install and basic functionality is free, with upgrade options to open a vast array of options.

Among the cons is that it’s another plugin that you’re introducing to your website, potentially slowing it down, increasing security vulnerabilities, may break or be incompatible with other plugins, or break functionality upon upgrade.

Pros and Cons of using Plugins

ProsCons
Easy to installAnother plugin, might slow down your site
Vast array of optionsNeeds to be updated
Free and Premium optionsSome options require premium purchases
Security implications
May break with updates
Caution: One common feature among the below plugins is they allow you to display Google Analytics data within WordPress. While these features might be helpful to some, the additional amount of processing this requires from your host may bog-down your website’s speed and performance. I recommend not using dashboard features and visiting Google Analytics directly to view your traffic data.

Most Popular Google Analytics WordPress Plugins

Google Analytics Dashboard Plugin for WordPress by MonsterInsights

This plugin was originally a Yoast product – the same company that brings you the popular Yoast SEO WordPress Plugin. A few years ago, the plugin was sold to MonsterInsights the same team behind WPBeginner.

Since then, the plugin’s more advanced features have been split between a free and paid version. The free version provides plenty of opportunities for intermediate tracking with Google Analytics. However, the paid versions are stupidly over-priced and don’t provide the level of services expected at that price point.

At the end of the day, this plugin does the job just fine.

Google Analytics Dashboard for WP by ExactMetrics

This Google Analytics WordPress plugin is also also by the same company behind WPBeginner and MonsterInsights is this plugin. Yep, this plugin was acquired by Syed Balkhi in May 2018. It’s strange that a company would choose to acquire two separate Google Analytics WordPress plugins, essentially cornering Google Analytics WordPress plugin market. In hindsight, it’s not a good idea for a free plugin that provides the same features that MonsterInsights is offering a exorbitant prices to run amok.

At this time (July 2019), this plugin continues to provide a robust set of features that the MonsterInsights version only offers but at no charge. However, be prepared for this plugin to either be merged into the aforementioned MonsterInsights version or having more advanced features placed under a premium version. Get it before it’s locked down.

The Rest

The remaining Google Analytics plugins for WordPress offer more or less of the same thing, and there are tons of choices. Unfortunately, to have full control over how Google Analytics is installed and setup on your WordPress website requires a premium or professional version of a plugin.

Installing Google Analytics without a WordPress Plugin

If you’re looking to reduce your server’s load with one less plugin and you feel comfortable with adding Google Analytics to your WordPress website at your theme’s template level, this method is your best bet.There are two additional options in this situation. You can add the code provided in the Tracking Code section of Google Analytics to your header.php file the safer option, or to your functions.php file the cleanest option.

Pros and Cons of using a Theme

ProsCons
FreeRequires some comfort with working with code
Learn to work with theme filesMight be over-written with theme updates
Some themes provide native supportSome options require premium purchases
Caution: Regardless of either method, it is imperative that you understand that either of these methods is advanced and that you should backup your WordPress with the backup method you feel is the best option, and that you can recover a backup if something goes wrong. Read the blog post “You Need a Backup and Disaster Recovery Plan” to understand the importance of backing up your website and knowing how to recover.
Theme Options

Your WordPress theme may offer an area where you can either add your Google Analytics code, or just the UA code. The only downside to this method is it doesn’t give you an option to place the code exactly where you may want it to go, or their code implementation isn’t fully compatible.

Google Analytics Code in header.php

This method is the safest option and will allow you install the Google Analytics code directly between the <head> </head> HTML elements, which is where Google Analytics prefers for it to be installed.

Simply navigate from your WordPress Dashboard to Appearance > Themes > Editor, and then find the header.php file and click on it. In there, somewhere before the </head> HTML element, you can copy and paste the Google Analytics code provided in the Tracking Code page in Google Analytics. Save and test. It will look something like this:

Boom. You’re done.

Google Analytics Code in a WordPress Theme’s functions.php

This option can be a little riskier, and is the preferred method if you want a really slick, performance-focused website. However, if you miss something you’ll get the infamous WordPress white screen of death. I recommend making a backup of this file, or your entire website for that matter, and be ready to move the backup functions.php file to your server in case your experience an issue.

Using this route essentially creates a new action that places the code on the page in a specific spot. The benefit to this method is that you can move this action around as you need to in case other scripts or code needs to be added before or after it.

Simply navigate from your WordPress Dashboard to Appearance > Themes > Editor, and then find the functions.php file and click on it. At the very bottom of this file enter the following code and replace the UA code with your own unique UA code.

Installing Google Analytics with Google Tag Manager and WordPress

The previous methods work well. However, there’s another advanced option that might benefit you if you plan on expanding the amount of scripts that appear on your website, such as Facebook Pixel or other marketing and tracking codes.The biggest benefit to this option is that when you need to install more tracking code on your website, you don’t need to install that code using a plugin or in your WordPress theme’s template files, which as stated earlier, is risky.

Instead of adding just Google Analytics code, you’ll add Google Tag Manager code. Google Tag Manager allows you to create various containers that contain scripts or code that can be executed based on various triggers. Additionally, the Tag Manager code loads asynchronously, which means it loads in parallel to your website’s other requests. If you installed multiple tracking codes directly on your website, each script would be loaded one-by-one, slowing down your site’s loading time.

Pros and Cons of Google Tag Manager

ProsCons
FreeNeed to add as a plugin or in a theme
Install other tracking scriptsCan be complicated
Lightweight and fast
Use the same Google Account

Unlike Google Analytics, Google Tag Manager has two sets of code that needs to be added to your website. Once set will be added within the <head></head> HTML elements, and another set right after the open of the <body> element. This means you’ll need to edit two WordPress theme files, or just your functions.php file.

Create a Google Tag Manager Account & Publish Your First Container

When you first visit Google Tag Manager, click on “Create Account”.

Create a Google Tag Manager Account
Click here to enlarge

On the new account setup page, you will enter in your:

  • Account Name
  • Select your Country
  • Container Name
  • Choose “Web”
  • Click “Create”
Setup your Google Tag Manager Account
Click here to enlarge

You’ll now be presented with two sets of code. The first will be added between the <head></head> HTML elements and sections on your WordPress website. Please see the code below to learn how to install that code on your website.

Google Tag Manager Code and Installation Instructions
Click here to enlarge

Next, you’ll create a “New Tag.”

Create a new Google Tag Manager Tag
Click here to enlarge

You will choose a Tag Type. In this instance, you’ll select, “Google Analytics – Universal Analytics.”

Choose Google Analytics Predefined tag type in Google Tag Manager
Click here to enlarge

Now, you will change the name of the Tag to “Google Analytics”, and click on the Tag Configuration edit button.

New Tag Setup
Click here to enlarge

With the Tag Type already selected, you can use these settings:

  • Track Type: Page View
  • Enable ovverriding settings in this tag
  • Enter your Google Analytics Tracking ID Code. Remember, this starts with the UA-

You’re welcome to review other settings and adjust to your needs.

Tag Manager Tag Configuration
Click here to enlarge

Next, you will choose to add a new Trigger.

Create a New Trigger
Click here to enlarge

Because you selected Google Analytics earlier, a trigger named “All Pages” with a Type of “Page View” is avaialble for you to select. Go ahead and select it.

Choose all page triggers in Google Tag Manager
Click here to enlarge

Save the New Tag.

Save Tag in Tag Manager
Click here to enlarge

Submit your Workspace. and add optional description.

Submit Workspace Update
Click here to enlarge

Write an optional, informative description about your workspace and version. Then click “Publish”.

Google Tag Manager Submit Workspace for Publish
Click here to enlarge

Last, you’ll be presented with a result page of your publish.

Google Tag Manager Publish Results
Click here to enlarge

Google Tag Manager Code in functions.php

Next, we’ll install the code. Again, we’re presented with the option of adding this code with a WordPress plugin, or in theme files. However, for simplicity, we’ll simply use a functions.php file.

Enter the code below in your functions.php file and replace the XXXXXX with your GTM– code in both places.

It’s better to use this code which tells WordPress to place the necessary code in both places, rather than edit two files.

Save and Test.

Create a Privacy Policy Page on WordPress

You might thing that we’re done, but to be fully transparent, comply with most government regulations, and even Google Analytics’s terms of service, you need to let your visitors know that you are using this service which collects data from your visitors in a Privacy Policy page.

If you’ve installed WordPress recently, you’ll automatically have a Privacy Policy page created to help you get started. Feel free to review my own Privacy Policy page and copy and adjust that information to your needs.

Testing Google Analytics and Google Tag Manager with Google Tag Assistant

Other than checking your website’s source (usually Ctrl + C on Windows, Command + U on Mac, or right-click and “view source” on most browsers), you can also install Google’s Tag Assistant on Chrome.

This browser extension helps you check to see if a particular Google services’ code is installed correctly on your website or any website for that matter. Not only does this work with Tag Manager and Google Analytics, it also works with Google Ads too.

Enjoy Google Analytics on Your WordPress Website

It’s all over! You did it!

Now go forth and create great content on your website and share it with the world. You’ll start seeing data appear in your Google Analytics account soon.

Next, learn how you can either optimize your Google Analytics settings for more accurate data capture and what your Google Analytics data means and how to take action.

Filed Under: Film & Television, Google Analytics, WordPress Tagged With: google analytics, google tag manager, plugins, themes, wordpress

Incrementalism in Website Development: Why Websites Are Never “Done.”

March 29, 2019 by Aaron Weiss

My girlfriend has been exercising with the help of Julian Michaels the last several months, and her results have been awesome. As I am practicing my own Guitar Aerobics, with vast improvement, I’ve over-heard Julian yell to my girlfriend several times as she re-watches a certain video, “Perfect is boring. Perfect sucks”.

She’s right.

Many yearn for it. Our education system brainwashes us with it. Our employers and clients expect it. The truth is, “perfect” is a subjective and terrible goal.

I’ve seen hundreds of websites launch. Some taking as long as three years or more to successfully launch. From the moment the contract’s ink dries to publication in an industry as fickle and constantly evolving as website development, crafting the “perfect website” is rarely worth the time, expense, emotion, and distracts from the primary objective.

Instead, start small, focus on what is truly essential, and improve on what you have incrementally. A valuable website is always evolving, and therefore, is never “done.” 

Starting Small

When building any website or application, start small. If your website will be brand new, you don’t need dozens of pages. Nope. Here are the basics of what you need:

  • Who
  • What
  • When
  • Where
  • Why

All of those can be answered in just a few pages:

  • Descriptive but short homepage
  • About page
  • Contact page
  • Privacy policy, disclosures, and other regulatory requirements

That is all you need to start your website. Have it proof-read, launch it, and print the business cards. Starting small also might relieve some pressure of launching a site and getting back to business. It can also help get some basic aspects of SEO started too.

I didn’t follow my own advice

Despite seeing so many websites struggle to go live over the years, I had to look in the mirror. I also took too long trying to launch my own website and re-start my own personal brand.

Predominately, I spent WAY too long trying to get the search feature that I wanted. Too many long days finding a method, getting it to work, kinda, or at least in a fashion that wasn’t satisfactory to me.

Because I failed so many times, it discouraged me from moving along in developing my website, and growing my personal brand.

When I did follow my own advice

Finally, I had realized I didn’t need certain features on my website’s initial release.

The first one was an expandable search bar in the navigation mentioned above. Why? I went back to following my own advice: Start small and improve incrementally. Why did I want it initially? Search features are important to growing websites, and an expandable search bar looks cool. Something looking cool and being a functional attribute are two different things.

Next, my website was small. Just a few pages. If I launch my website with just a home page, about page, and contact page, why would I need search functionality? Therefore, the search bar was removed from my initial release.

I also didn’t include a blog. Why? I didn’t have any posts written yet. I didn’t need a section on my homepage. I spent too long creating a section of my homepage that would display my most recent blog posts. It looked pretty cool. The problem, I didn’t have anything worthy of publication, yet.

So got back to the basics: who am I, what I do, where and how to contact me, and when to expect a response. Therefore, I unpublished my blog page and removed that section from my website.

The website was finally launched successfully. I’m quite proud of it, especially because it’s light-weight, fast, simple to the point, and portrays the values that I wish to project about my talents and experience. It’s not flashy — it’s functional. It leverages some features I’ve never truly had a chance to use in the past, as well as deploy processes and concepts that I’ve learned at my day job.

Incrementalism

Some product development companies have been using SCRUM and similar processes to build and improve products and applications for the last few decades. Instead of building one “perfect” product release, a minimal viable product would be produced. Little-by-little that product would be continuously improved. Teams would collect bugs and new features, decide on which ones to develop, test those changes, and then deploy the a new release before starting the next so-called “sprint.” I admit that’s a very lay-persons version of the process, but simple enough for this example.

Now that my own website is launched, I’ll be writing more blog posts and deploying that super-cool super-functional blog post section on the homepage. I’ll even be following my own content schedule to ensure I’ll have reasonable amount of content published in a reasonable amount of time. Most of all, I’ll have a website that promotes me and expresses my talents. I’ll also be adding some improvements overtime. But just a few improvements overtime, tested rigorously in an development environment.

One of those improvements of late is a working expandable search bar in the navigation, finally:

Animation of this website's expandable search bar in the navigation

It truly is the little things.

 

Photo credit: https://en.wikipedia.org/wiki/File:Simple-kanban-board-.jpg

Filed Under: Website Administration Tagged With: incrementalism, minimalism, personal brand, scrum, wordpress

Primary Sidebar

Recent Posts

  • TrueNAS Virtual Machine with Ubuntu 18.04 Halting with Signal 11
  • Proxmox ZFS Disk Replacement and Drive Expansion
  • How To Create ZFS Backups in Proxmox
  • Multiple UPS on the same NUT-Server
  • Learning Graylog for Fun and Profit

Categories

  • Film & Television
  • Google Analytics
  • Guitar
  • Lifestyle
  • Projects
  • Proxmox
  • Search Engine Optimization
  • Technology
  • TrueNAS
  • Uncategorized
  • Website Administration
  • WordPress
  • Home
  • Blog
  • About Aaron Weiss
  • Contact
  • Privacy Policy
  • Affiliate Disclosure

© Aaron Weiss. Built with WordPress using the Genesis Framework. Hosted on a2 Hosting and DigitalOcean. Aaron Weiss's LinkedIn Profile