« The O-Zone Romanian Proficiency ExamUsing WordPress to Generate Flat Files »
09.06.2009

How Not To Get Your Blog Hacked

I am going to break with seven years of precedent and indulge in a little bit of blog software wank.

Recently an exploit has surfaced in WordPress, a popular kind of blog software. If you run WordPress on a public server, an attacker can get full access to your site and do nasty things, up to and including deleting all your data. If you listen to the WordPress people, the answer to this is 'be extremely zealous about updating your software', which is the same as saying, devote half your life to learning and understanding WordPress administration.

If you listen to me, the answer is much simpler. Do not run this kind of software on a public server. Either host your blog with a competent centralized site (like LiveJournal or Blogger) that takes the burden of upgrading, backing up and patching off your hands, or use whatever personal publishing software you like (WordPress, Movable Type, and so on), but keep it on a local machine.

You can use a program like wget or curl to generate a flat HTML version of your website from this local version, and then upload these files to your public server to share them with the world. Now there is no way you can get hacked, because your server is just serving static files. As a bonus, you don't have to worry about your site ever going down because of database problems or excessive load. And as another bonus, you now have a remote backup of your blog.

If you want comments or other fanciness (why??), you might need a little more complicated setup than this. But the basic idea of keeping your administrative interface off the internet will save you endless angst as these exploits keep coming. WordPress has an especially terrible track record with security, but all these programs are just accidents waiting to happen.

If you have a blog setup that you think is insecure but don't know how to begin fixing it, feel free to email me and I will do my best to point you at an answer.

« The O-Zone Romanian Proficiency ExamUsing WordPress to Generate Flat Files »

Greatest Hits

The Alameda-Weehawken Burrito Tunnel
The story of America's most awesome infrastructure project.

Argentina on Two Steaks A Day
Eating the happiest cows in the world

Scott and Scurvy
Why did 19th century explorers forget the simple cure for scurvy?

No Evidence of Disease
A cancer story with an unfortunate complication.

Controlled Tango Into Terrain
Trying to learn how to dance in Argentina

Dabblers and Blowhards
Calling out Paul Graham for a silly essay about painting

Attacked By Thugs
Warsaw police hijinks

Dating Without Kundera
Practical alternatives to the Slavic Dave Matthews

A Rocket To Nowhere
A Space Shuttle rant

Best Practices For Time Travelers
The story of John Titor, visitor from the future

100 Years Of Turbulence
The Wright Brothers and the harmful effects of patent law

Every Damn Thing

2020 Mar Apr Jun Aug Sep Oct
2019 May Jun Jul Aug Dec
2018 Oct Nov Dec
2017 Feb Sep
2016 May Oct
2015 May Jul Nov
2014 Jul Aug
2013 Feb Dec
2012 Feb Sep Nov Dec
2011 Aug
2010 Mar May Jun Jul
2009 Jan Feb Mar Apr May Jun Jul Aug Sep
2008 Jan Apr May Aug Nov
2007 Jan Mar Apr May Jul Dec
2006 Feb Mar Apr May Jun Jul Aug Sep Oct Nov
2005 Jan Feb Mar Apr Jul Aug Sep Oct Nov Dec
2004 Jan Feb Mar Apr May Jun Jul Aug Oct Nov Dec
2003 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
2002 May Jun Jul Aug Sep Oct Nov Dec

Your Host

Maciej Cegłowski


Threat

Please ask permission before reprinting full-text posts or I will crush you.