WordPress, me and Oxmetifan 20

, . Filed under Web.

This blog is run on software called Jekyll, which I couldn’t be happier with. It’s simple, flexible and fast – you build the site on your PC before uploading it to a server, rather than creating it on the fly with a database and PHP or similar.

The speed is great, but you also get a security benefit: there’s no server-side scripting or database for hackers to wheedle their way into.

So why, you might ask, did I switch back to WordPress recently? Well, back in the day I had a website with several hundred posts and comments. The downside of no database is no comments, and Jekyll doesn’t do categorisation out of the box as well as WordPress. In a fit of nostalgia I threw together a simple WordPress theme and bought some 15 quid a year hosting (I know, but bear with me). I sat back and waited for the comments to flow in, just like in 2008.

I got no comments. But that didn’t bother me too much; after all, it takes time to build interest and community. And I still had a neatly categorised set of posts.

Now, we use WordPress at work, and I get the need for a secure set up. I applied what I think is a pretty sensible set of rules to my new little website. Just one FTP account boasting a tricky password. A single website login (nope, not admin) with an even more fiendish password. Minimal number of plugins, all reputable and up to date. Lock outs for multiple failed logins from the same IP address. Secure permissions on the server.

And yet I was hacked. On Googling myself (I know, I know) I found my search engine result referenced a certain libidinous chemical preparation (there’s an anagram of it in this post’s title, if you’re interested). A hacker had hijacked my server so it posted rogue pages under my domain, which affected my search engine listing.

Our virtual work hosting has never been hacked, so I assume the quality of my new plan was a factor. To be fair, I was offered good support, but what’s the point of ditching a setup that’s fast, simple and infinitely more secure than WordPress?

I guess this is just another post about getting what you pay for when it comes to WordPress hosting. But as with so many things, you’ll ignore the warnings until it happens to you.