Though I’m sure I’ll hear from one guy in particular rolling his eyes and giving me a bad time about yet another WordPress attack, this time I metaphorically left one of my car doors open with the keys in the ignition (you know who you are, PXLated!). Even so, this constant hacking is getting tiring and, in my opinion, will kill WordPress unless measures are taken to step up its security.
Today I awoke to an email from a social media acquaintance, David Erickson, kindly giving me a heads-up that my site had been hacked. Seconds after his email arrived I received another email notification from WordPress File Monitor that several core WordPress files had been changed on my server along with a beta “designer” plugin I was running.
I’ve fixed everything but, in addition to the faux pas of running a beta plugin, I discovered another embarrassing snafu: The WordPress Database Backup I was running was sending me backups for the last several weeks and—when I went to download a recent one prior to the attack in order to restore—I discovered that each file contained “0” kilobytes of data. So did the ones on my server (face turning beet red).
I’ve ultra-hardened WordPress and my databases, and I use highly secure passwords and SFTP everywhere. Even with all of that I left a door ajar and somebody slipped in and wreaked havoc. I know so many others who are far less technical or experienced with WordPress than I am and there is no way they’d be able to recover by themselves.
So why in the world would I say WordPress is in danger of dying? Because of the volume of people who are running this open source package and the free hosted options available that—while being insecure like any computer or software exposed to outside entry from the internet—are managed, patched and monitored in ways the typical self-hosted user cannot be.
When I began blogging in 2004 I opted to go with the hosted Typepad since I knew myself well enough that if I’d chosen Movable Type (the software on which Typepad is based) and installed it myself, I’d have invested much of my energy in keeping the software up to date and running. Instead, I simply focused on blogging.
Though Typepad basically hasn’t added worthwhile features for several years in my opinion, WordPress.com, Tumblr, Posterous and many other options have exploded onto the scene offering free blogging platforms with amazing features. THAT is why I say WordPress is in danger of dying: if more people like me figure the payoff from self-hosting WordPress isn’t worth the power and control one gets from that and instead move toward a hosted option, I fear the momentum for WordPress will slow dramatically.