The site has been up for two weeks and I have been making continual improvements to its functionality. The comments editor has been updated. There is a decent feedback form now. Posts can be searched for, listed by monthly archive or by category. The links section has been greatly expanded. The about page is a bit more comprehensive. Google ads and analytics are in place. RSS feeds are available through feedburner now as well as an email subscription. I have a twitter account that you can access in the sidebar and I've created a basic customized twitter page.
For security purposes, I have removed the Admin account and created a different account with admin privileges. Further, I have created another account with author privileges to use for posting. This is supposed to eliminate certain vulnerabilities. I have added a mod that automatically disables any account that has five consecutive failed logins (i.e. – Someone is trying to guess a password). This makes the site all but impervious to dictionary or brute force attacks. Users can easily re-enable their own account simple by clicking on the "forgotten password" link at login (They are instructed to do so if their account is disabled). I've also installed a watchdog program that emails me when it detects any new or changed files or database entries.
Security To-Do List
I have been compiling a .htaccess file that addresses various security issues and will be implementing it shortly. I plan to set up a cron job to automatically email me the entire database every night along with the site logs so I can run my own utilities against them. I need to back up the entire database and re-install the whole structure using non-standard table prefixes, modify the backup to use the new table prefixes, and then upload everything and test it. This prevents automated script attacks against the database. These attacks are defended against in a number of ways already, but just in case I missed something, this makes things extremely more difficult for the hackers. Then I need to test everything and make sure that nothing is so restrictive that it keeps legitimate users out. :)
Why Worry So Much About Security For a D&D Blog?
Its not that there is anything here that a hacker would want. They could screw things up but that just requires that I re-upload everything so that isn't a real hardship. It's the fact that these bastards cause so much annoyance and there's very little that can be done about it. Mostly I want to bulletproof my sites just to spoil their fun.
Look Of The Site
I know the site looks kind of dull. I'm playing with various ideas for what I want to do but that's a low priority atm. I'll probably revamp the look in a month or so.
This is my first WordPress template and I designed it myself from scratch. I started with a Starkers template (which completely strips the default template down to bare bones with no CSS) and have created everything from there. It has taken a great deal of work, far more than expected, to add back in the functionality that I wanted. Now that the site does what I want, my focus is on adding content and then coming up with a cool design.
Status of My New Campaign
In my Hello World post, I told you that I had been away from D&D for some time and that version four is new to me. Because of that I decided to create a new campaign from scratch and document my progress in adopting the new rules, creating the world, and preparing for a game.
First off, I have obtained the basic gaming materials. I purchased the three core books (Dungeon Master's Guide, Player's Handbook, and Monster Manual). Wizards had a deal where you could get PHB1 and PHB2 bundled together for the price of one so I have a copy of PHB2 now as well. I picked up a Dungeon Master's Screen and one set of dice.
I mentioned in a previous post that I had given away all of my D&D books, notes, dice, miniatures, etc. The woman I gave them to wasn't using them and still had them and was nice enough to give them back so I have a good base of supplies.
Otherwise, I would have also purchased: another ten sets of dice, a couple dozen miniatures, a gaming mat (I prefer hex-grid but a square-grid would do as well), and a half-dozen cheap calculators (for players).
I also purchased an upgrade to Campaign Cartographer 3 from Profantasy. I will upgrade to Dungeon Designer 3 as well. They run $40 new each but are well worth the investment. You need overland maps for both you and your players. DD3 expands the map-making tools to make dungeon design easier. You can also use it to create printable tile maps that I then laminate. You can make a number of them for different size rooms and hallways and piece them together as characters explore.
Second on my checklist, after obtaining supplies, was to familiarize myself with the rules for version four. I have read through the rules many times and am fairly conversant with the changes that they have made.
I like having digital access to everything as well as my own databases and utilities so I have begun work on those. I have typed in the stats for all of the monsters in MM1 and am working on a program that will handle searches, create/store encounter tables and roll them up, allow me to modify monsters and add the new version to the database, create/store encounters, and assist me during combat. I'm also working on a treasure generation program (I don't care for the "treasure parcels" used in the book. Beyond that, I intend to create my own Player's Handbook modified to support the house rules that I will be including. I will make my utilities available when they are completed if doing so falls within what's permissible by Wizards.
The next step is to document any house rules that I plan to implement. I have discussed a couple already and will cover a few more shortly.
Also, I have a fairly good idea of what I want for a starting area for my players and am thinking about what I will need when I am ready to start the map-making process.
My target date for my first game is February 20, 2010. I think I'm right on track for that.