This morning I read a new article from Joshua A. Krisch posted to called “Why Email Is So Stressful, According To Science”. As the headline makes clear, the author believes that email anxiety is one of the biggest causes of stress for the average office worker.

Everyone seems to have their own system for dealing with email, whether it’s treating it like a game, trying for inbox zero, responding to a few at a time and ignoring the rest, or throwing their hands up and declaring email bankruptcy.

The last option is not uncommon, but is also scary since we all assume that somewhere in those unread emails is that exact opportunity that we’ve been waiting for, and it’s through our inability to manage the growing pile of correspondence that we’re missing out.

Another fear is that we’ve waited too long to respond to an email, and as time goes on we naturally want to respond to it less, as our guilt around not responding grows. The podcast Reply All decided to fight back two years ago by starting the holiday Email Debt Forgiveness Day, which was just a few weeks ago. If you missed out you can still find info on their site on how to celebrate, along with a helpful email template.

But does it have to be this hard? I get stress from email time to time, but I admit that it’s never been all-consuming in my life, personal or work. I don’t think that I’m preternaturally disposed to being less stressed by communication, far from it. I have found a few things that make email easier to manage for me, and I’m going to put on my productivity wizard hat to dictate how you should handle your communications.

1. Check Email Less Frequently

This one should be the most straightforward. If you check email less frequently, you have a better opportunity to treat it like a discrete event. Use the novelty of checking a few times per day to provide more focus to what you’re checking.

I keep my inbox clean enough that I’m ok with keeping it in reverse chronological order. I click at the top, and have the Gmail settings for the send and archive buttons as well as the auto-advance lab feature on. I also use keyboard shortcuts on my accounts, allowing me to use my keyboard more, which I’m already using to write.

You can find the Send & Archive button as well as the keyboard shortcuts in Gmail in the settings page located at The Auto-Advance lab feature can be turned on here:

The Send & Archive button on email compose means I save a few clicks and a screen load.
The Auto-advance feature also saves time by letting me move directly from one email to the next.

Using those features I can more quickly progress through email while clearing out my inbox. Every email is acted on and archived.

I start out with a win by making a lot of email skip the inbox in the first place by filtering them to folders if they are automated notifications or newsletters. I currently use to group emails together, but I’m phasing it out as I transition to a new email account.

2. Get off of the Notification Cycle

I’m not a fan of notifications pretty much anywhere. I have a few things that can send me notifications like work messages and texts, but otherwise I let apps and websites stay quiet unless I choose to check on them.

I could expound upon how this relates to email specifically, but honestly it helps reduce stress with a lot of how I use the web. I end up checking some things more frequently than I’d like, but I let them fit to my schedule, not the other way around.

3. Know When to Say No/Manage Expectations

I know the urge to say yes to requests can be powerful. I do this all the time, and I don’t fault anyone else who does. It’s only over the past few years that I’ve started learning how to say no to things that don’t fit my skillset, or that don’t directly help me gain new skills or serve clients better.

I get the idea that you miss 100% of shots not taken, but maybe those aren’t the shots that I should be taking anyway.

I also try to let people know when and how I’ll respond, if I am going to have to pass on something, or if there will be further action taken. Being direct is one of the best things that I’ve learned to do in email both to set expectations for others, as well as clarify my thinking.

If I can put my desires into words, I can have a better chance of making them happen.

4. Treat Email as a Separate Medium

This is a habit that’s hard to make. What I mean by treating email as a separate medium is that it’s not a text, it’s not a letter, and it’s not a social media update. Email has existed in a similar form to what we use now for almost fifty years, yet we still want to write full letters with greetings and salutations.

Chances are I know who you are if I’m responding to an email, and vice versa. I understand that some people feel rude sending short emails, but generally an email that can be answered quickly – or doesn’t require an answer at all – makes recipients feel even better. One hundred people can send me emails that individually take them a few moments to compose, but if they all send in teh same day that equals hours of time dealing with them.

On the topic of emails without response, I’m still looking for a polite way to let people know that emails don’t require a response. Don’t feel obligated to send me a “Thanks for handling this!” email, when all it ends up meaning is another message to manage.

So, that’s my attempt at an email listicle. What email tricks should I be trying out? Make me feel more productive!

I’m giving a talk this weekend at Florida DrupalCamp on some basic personal security tips. The focus isn’t on development security, or on securing Drupal projects, but instead is meant to be applicable to pretty much everybody.

If you spend any time on the internet, this guide can offer some help to you. First:

Why do I need to care about this?

Let’s get one of the common misconceptions out of the way:

I don’t have anything to hide, so I don’t need to worry about privacy.

I honestly can’t think of anyone that this statement is true about. Everyone has something that they don’t want others to see, for whatever reason. If I were to ask you for access to every digital account that you own (not to mention your home and all other personal belongings), you would probably not give me access to any of them, even with my solemn pinky oath to not touch anything. The fact that I’m asking gives you pause. Now how about those that don’t bother with the pleasantries?

You have something of value to lose online. That’s a fact of life now, and while you may be thinking of embarrassing emails or compromising texts, there are other things like workplace data, financial accounts, health records, and more that are vulnerable if you do not maintain some basic web security. With the insidious chaining together of accounts, now you have the danger of one insecure email address allowing all accounts to be compromised.

Even if you still think that you don’t personally need to worry about security, what about those around you? There is a safety in numbers. When someone is alone in using encrypted communications, they stand out to profilers, even if the content of their communications does not. When everyone around them is using encrypted communications as well, now there’s just so much more chatter to stay safe in.

Like inoculations against illness serve to inordinately protect the members of society with the weakest immune systems, the group protection that comes from supporting secure software helps those most vulnerable who rely on these tools. Also, your insecure devices can be used to launch attacks that can affect everyone, and those insecurities are not going away anytime soon.

So now that we’ve covered that it’s important to care about your online security, where do we start?

What’s Your Profile?

We’re looking to define two profiles to start with: your Attack Surface Profile, and your Adversary Profile. These will help us determine where to put effort in building our security profile.

Attack Surface Profile: The ways that you can conceivably be compromised. This is the cellphone in your pocket, the accounts that you have logged in automatically on your laptop, the fact that your email address is linked to your Amazon credit card. You will miss some of these, but the major ones are where it matters most.

Adversary Profile: Who conceivably cares enough about you that you need to secure yourself against? Are you going through a divorce or custody battle, with lawyers watching your every move? Are you exploring your sexuality or religion in a setting where harm can come from exposure? In addition to these or other specific threats, you have the general drive-by attacks done on accounts related to data breaches to worry about.

Security Profile: Now that you’ve defined your Attack Surface Profile and your Adversary Profile, you can create your security profile. You’ve identified that you use your laptop at coffeeshops regularly, and commit to avoiding using financial services there. You want to avoid being tracked while going to a sensitive meeting, so you leave your phone at home. You want to learn more about things that may be socially unacceptable, so you use TOR browser to hide your browsing history.

How Can I Get Started?

There are a wide variety of tools available with varying degrees of complexity and protections afforded. A few suggestions:

  • Use a password manager. There is the possibility that these tools can be compromised, but they are much better than memorizing (meaning reusing) passwords, which you should stop doing. LastPass is a free web-based tool, and KeePass is an open source password manager that lives on your computer.
  • Enable two factor authentication everywhere that you can. That means email, social media accounts, developer accounts like hosting and Github, everywhere. Two factor authentication is generally accessed via a text or app on your phone, and is used as a secondary method to prove you are who you say you are.
  • Switch to Signal for messaging. It doesn’t have the pretty colored bubbles of iMessage, but get over it. Signal is the current standard for end-to-end encrypted messaging, which means nobody without access to either device can read the messages being sent. It is compatible with all major phone brands, and has all of the features that any standard messenger has, plus some bonus goodies like secure VOIP calls.
  • Check your privacy settings on Chrome, Firefox, Twitter and Facebook.
  • Take advantage of the tools that the EFF makes for privacy. This includes HTTPS Everywhere, to encrypt your browsing to and from websites, and Privacy Badger, which is a custom tailored ad and tracker blocker.

This is too much. Isn’t this impossible anyway?

I agree, there are a lot of things that you have to worry about to maintain your privacy and security. There will always be something that you miss, but that doesn’t mean that you shouldn’t try. If you lock your house or car you are engaged in a similar decision-making process. Sure, a burglar could smash a window and get in, but they’re more likely to move on in search of an easier target.

Don’t give up on security! It is becoming easier than ever to maintain some of your privacy and information security thanks to the work of countless contributors to open source tools. Support their work, and protect your freedoms!

Your Cybersecurity Self-Defense Cheat Sheet, Jacob Brogan, Slate. 1 February 2017.
The Privacy Paradox Tip Sheet, Manoush Zomorodi, WNYC. 10 February 2017.
Tor Overview: Staying Anonymous. Retrieved 17 February 2017.

I told myself that I would endeavor to create a project using an entirely new-to-me technology every month, and on the last possible day in January I’m doing a writeup on a bit of bash and wp-cli code written for last week’s WordPress Orlando Meetup.

While I didn’t quite hit the mark, I did learn quite a bit more about WP-CLI and bash scripting, so I’ll count that as a win.

The script that we’re going to refer to in the post is here: This is intended as a follow up to this post on using VVV, VV, and WP-CLI to setup new sites.

What are we doing here?

The script does quite a few things to set up a new WordPress site with some defaults. I made the selections based on my common usage, but the script has been made general enough that it can be modified as you see fit for your own needs.

First, I’ve got a few constants in the script, including a username that I like to use for these sites, so I get something other than “admin” that isn’t random. It also sets an email for all accounts, and the specific VV blueprint that I want to use. I can cover blueprints at a later time, but for now check out some information about them at the VV Github page.

Next up I use the name that was input after the command to run this script was issued to create the name and domain of the website. A password and table prefix (the wp_ portion of the WordPress database tables) are both randomly generated. The password is copied to the clipboard to allow me to paste it in while logging into the site for the first time.

The command below does quite a bit. It uses VV to create a new site on my VVV install, with the name and domain supplied, the username and email that I pre-set, and the table prefix and password that were just generated for us. It also turns on debug, calls the VV blueprint that I’ve setup, and tells VV to use all other defaults that it normally supplies.

yes | vv create -n $name -d $ --username $wpuser --password $password --email $email --prefix $prefix -x -b $blueprint --defaults

VV and the blueprint do the bulk of the initial setup, but there are still a lot of things to do.

Continuing Site Setup With WP-CLI

There are a lot of tasks that I do on almost every site, most outlined on the previous post, but as a recap:

  • Deleting the “Hello Dolly” plugin as well as all default themes except for the current year default
  • Activating the premium plugins and themes that I use. This includes the Genesis theme, as well as Gravity Forms, iThemes Security and Sync, BackupBuddy, and Advanced Custom Field.
  • Deleting the default page, post, and comment
  • Creating home and blog pages, and setting them to display as home and blog, respectively
  • Creating About and Contact pages
  • Creating a menu with all of the pages that I’ve created, and setting it to the primary menu
  • Removing all default widgets from the sidebar
  • Creating a category titled “News”, and setting it as the default category, to avoid posts being labeled as uncategorized

Finally, I have the script open up Chrome to the login page for the site that was just created. There I can type in my username and paste in the generated password. Eventually this step can be scripted as well, to automatically log me in.

And there we have it: a fully setup staging site that saves us hours on creation and setting up defaults that will be used over and over again!

Drawbacks to the current bash script method

That’s not to say that this is perfect. By all accounts there’s plenty that I can do to fix up this script. I started working on an integration with the Lastpass-CLI for instance, to use their password generator and to automatically save my passwords to avoid being prompted when I first load the site. For some reason I was unable to get it working, and removed that feature to get it done in time for the meetup

Gravity Forms also has a CLI, though with the downside of needing to be installed as a plugin first. If I install the plugin though, I can use that to install and license my copy of Gravity Forms, as well as import some default forms. I’m going to add that to a future version of this builder, as most sites that I make will have a contact and newsletter form with a few fields by default.

Finally, I want to work on executing the script on the server, as opposed to on my local machine. I can set this up with a bit of forethought, but it’d be beneficial to have some sort of installer to allow anyone to input their specifics (credentials, email, install directory, plugins to activate, etc). For now, I’m using vassh, which was developed specifically to run

vagrant ssh

followed by a WP-CLI command, but the tool is not very efficient. Currently it opens and closes a connection with each command, which quickly adds up when you’re running several dozen commands like this script is.

Who wants to start building new sites quicker? Whether for yourself, for friends, or for clients, you have probably set up more than a few WordPress sites by now. There are probably quite a few things that you do on a regular basis for those sites, right? Here’s a few things that I do:

  • Pull and verify WP Core
  • Pull Latest version of Akismet, Jetpack and Duplicator from repo and activate
  • Pull latest version of BackupBuddy, Security and Sync from iThemes, Gravity Forms and Advanced Custom Fields Pro and ACF Repeater Field (I don’t know how many of these things can be done since they are premium) and activate
  • Do setup of Sync/Security/BackupBuddy as necessary
  • Pull latest version of Genesis & latest of genesis-project-base (I’ll put that on BitBucket soon)
  • Remove sample page, post and comment
  • Set ACF Pro and Gravity Forms Licenses
  • Set Gravity Forms to output HTML5 (default is off, I want it on)
  • Extended CPTS and Extended Taxonomies
  • Create admin account (OBM) with random password, emailing to
  • Set Site Title based on project Title
  • Set time zone to “New York”, since that’s the case for most builds I do
  • Set permalink structure to /%postname%/
  • Create private BitBucket git repo for site
  • Add user/pass to LastPass
  • Create Trello board for site
  • Create Sublime Text Project
  • Open Browser to site
  • Open Sublime Text
  • IFTTT?

I do those steps for almost every site that I make. Doing so by hand would take an hour of clicking around from screen to screen, waiting for pages to load, modifying settings, and refreshing pages.

Each of these steps have something in common: since they are done via a computer, they can be defined in terms that a computer can understand. This is where we can begin to automate our process.

Vagrant is a container solution, similar to Docker, which allows you to create containerized sites. VVV is a Vagrant box, which is basically a set of instructions on how to build a server. I’m going to update my post on setting these up, as there are some useful changes coming to version 2 of VVV, but for now I’ll refer you to this post from last year on setup.

The other thing that we’re going to use is WP-CLI, and we’re going to pair it with VASSH, a tool to make it easy to SSH into a VVV box. All this means is that we’re going to use some command line tools made to do things with WordPress, like add new themes and plugins, and change the posts.

Start with the slide deck below on why you may want to give this a try, then move on to the next post which gives some notes on the specific bash script written to do the automation, as well as some of the drawbacks of it as a solution. This post will be updated with version 2 of VVV.

Edit: the poster of the slide deck removed it from the web.

I’ve been using Vagrant with VirtualBox for local development for over a year now, after introduction to the tools on top of Varying Vagrant Vagrants at a WordCamp. It’s become my default standard for starting new WordPress sites, and it’s more highly accessible than I realized at the time that I first tried it, though it can also be a bit of a black box from the outside.

Throughout the post I’m going to cover a quick install guide (though by no means exhaustive), and borrow heavily from a guide that I put together and am keeping updated on my Github page. I also discussed this at a developer meetup for WordPress Orlando last month, which you can check out if you want to give ServerPress or MAMP a try too.

Note, I’m coming at this from a Mac, which used to drive me bananas in guides, so apologies if you’re on Windows.

Installing Virtual Box, Vagrant, VVV, and VV

First, let’s talk about what we’re setting up here. The outcome of this post should give you a local development environment for WordPress sites that you can start and expand upon rapidly, making it easier to build new sites for yourself or your clients. We’re going to start by downloading and installing VirtualBox, which is by far the largest part of this project. I use Virtual Box because it is free and accessible for a wide variety of platforms, but VVV supports Parallels, Hyper-V, VMWare Fusion, and VMWare Workstation as well.

After you’ve downloaded and installed VirtualBox, you’ll want to ensure that you have Vagrant installed. This can be installed a wide variety of ways, but the most straightforward is going to the official download page and installing the version that matches your computer. After Vagrant is installed you should be able to open Terminal and type the command vagrant and see a list of flags that you can use.

You’ll also need Git for some of this, so if you don’t have it, download here and install it.

Vagrant installed on Terminal

Next, you’re going to install vagrant-hostupdater with the command vagrant plugin install vagrant-hostsupdater, then install vagrant-triggers by typing vagrant plugin install vagrant-triggers into Terminal too. These tools will allow Vagrant to automatically set hosts for you, which are a pain in the butt on your own, and allow triggers to run, which lets other programs (say VV?) attach their own events to Vagrant.

Up next, install Varying Vagrant Vagrants, which is thankfully shortened to VVV. You can do this in Terminal too, using the command git clone git:// vagrant-local. You’re going to move into that directory by typing cd vagrant-local, since vagrant-local is the name of the folder that you made and put it into when you cloned it to your computer.

The next portion of this is really long. Like, don’t do this at a coffeeshop or via a mobile data plan long. Probably should give fair warning that setting up VVV is a long process on slow internet. Let’s assume that you are on fast internet or have plenty of time to kill. Thankfully you can run this in the background and go along your day, provided heavy YouTube viewing is not part of your downtime. Run the command vagrant up, which is a command that you’ll be getting used to over time. The first time that you run the command it will have to download a whole box for Virtual Box, basically meaning you’re downloading and installing a new operating system that will run alongside your existing one.

When VVV is installed, you should be able to visit in your browser and see it in all of it’s glory!

Default VVV page
In the next post, we’ll make this page show useful information and look pretty.

Look, at this point you probably need a coffee or something. Relax, you’re doing great, and treat yourself to that caffeinated goodness.

Site Creation with VV

To make site creation even easier, we’re going to use Brad Parbs‘ cool tool Variable VVV, or VV for short. There are a few methods to install this, and while I use HomeBrew which makes it rather easy, in the event that you don’t, check out his install instructions here:

With VV installed you can use the command vv --create to install new WordPress sites to a single VVV install with ease. I’m going to save the discussion on how to do that for the next post, since it can cover quite a bit.

Next Time on the Show!

I’m going to go through some enhancements in my next post on this topic, like using a custom VVV dashboard, how to get value out of VV, how I make VVV a bit easier to use, and some of the testing that I’ve done around squeezing performance out of VVV and making it load faster.

I hope that if you’ve stuck around for the journey you were able to successfully get going, or at least will give it a shot. If you’re having any trouble, please leave a comment and I’ll try to help you out here so others can troubleshoot too.