Securing the Future of Shenandoah

Shenandoah literary magazine

As discussed in my last post, I’ve been working on getting all the sites I run secured.  An immediate candidate was the Shenandoah literary magazine. In 2010 I worked with Martha Burtis to design the site and have been hosting and maintaining it ever since. I have really enjoyed working with the editor R.T. Smith these last seven years, but he has announced his retirement this coming Spring. Well deserved. He took on the Herculean and unpopular task of moving a well respected physical publication entirely online. He weathered it beautifully, and with over a million views last year and half a million visitors the site has 25x the amount of exposure it did seven years ago. 

Traffic from August 1, 2011 – August 1, 2012

Traffic from August 1, 2016 – August 1, 2017

This is a very solid base to build on for whomever comes next, and I imagine the new editor will have some ideas of how to keep broadening access. What I loved about Rod’s vision is that it was open and accessible to everyone online: no logins, no paywalls, no nothing. Bringing culture to the interwebs is never a bad thing. That said, at the very least the site is due for a more responsive redesign. It will be interesting to see what the future has in store for Shenandoah, and I plan on making the transition to the new editor as seamless as possible. I will probably bow out as the “webmaster” once Rod leaves given my other commitments, but I plan on staying around long enough to make sure all is well. One of the things that has been on my list is securing Shenandoah to make sure the main site, the Snopes blog, and all 11 (soon to be 12) issues load over https.

To that end I issued a free Let’s Encrypt certificate yesterday, and ran the SSL Insecure Content Fixer plugin across the entire network. That worked seamlessly. It is worth noting that Shenandoah is a WordPress Multisite instance in which the blog and all 11 (soon to be 12) issues are their own site within the multisite. It is a subdirectory setup, so all the sites can be secured by one Let’s Encrypt certificate, which is nice. Once I forced SSL the two errors I got were caused by a network activated plugin that was outdated (pictured below) and an insecure image on the front page of several issues (the image was embedded from another site that did not have SSL). 

I deactivated the offending plugin, and I am looking for an alternative presently. I also replaced the embedded image with a local, secure alternative and all is well. The site is now running securely over https, and I will need to make sure there are no broken media links as a result. So if you see something, say something in the comments of this post.

There is a certain amount of satisfaction in having Shenandoah run securely over https. I admittedly waited too long, but better late than never.  It is also provides a long overdue push to start getting some other things shored up as we prepare for the future.