Why WordPress is in Danger of Dying

Though I’m sure I’ll hear from one guy in particular rolling his eyes and giving me a bad time about yet another WordPress attack, this time I metaphorically left one of my car doors open with the keys in the ignition (you know who you are PXLated!). Even so, this constant hacking is getting tiring and, in my opinion, will kill WordPress unless measures are taken to step up its security.

Today I awoke to an email from a social media acquaintance, David Erickson, kindly giving me a heads-up that my site had been hacked. Seconds after his email arrived I received another email notification from WordPress File Monitor that several core WordPress files had been changed on my server along with a beta “designer” plugin I was running.

I’ve fixed everything but, in addition to the faux pas of running a beta plugin, I discovered another embarrassing snafu: The WordPress Database Backup I was running was sending me backups for the last several weeks and—when I went to download a recent one prior to the attack in order to restore—I discovered that each file contained “0” kilobytes of data. So did the ones on my server (face turning beet red).

I’ve ultra-hardened WordPress, my databases, use highly secure passwords, and SFTP everywhere. Even with all of that I left a door ajar and somebody slipped in and wreaked havoc. I know so many others who are far less technical or experienced with WordPress than I am and there is no way they’d be able to recover by themselves.

So why in the world would I say WordPress is in danger of dying? Because of the volume of people who are running this open source package and the free hosted options available that—while being insecure like any computer or software exposed to outside entry from the internet—are managed, patched and monitored in ways the typical self-hosted user cannot be.

When I began blogging in 2004 I opted to go with the hosted Typepad since I knew myself well enough that if I’d chosen Movable Type (the software on which Typepad is based) and installed it myself, I’d have invested much of my energy in keeping the software up to date and running. Instead, I simply focused on blogging.

Though Typepad basically hasn’t added worthwhile features for several years in my opinion, WordPress.com, Tumblr, Posterous and many other options have exploded onto the scene offering free blogging platforms with amazing features. THAT is why I say WordPress is in danger of dying: if more people like me figure the payoff from self-hosting WordPress isn’t worth the power and control one gets from that and instead move toward a hosted option, I fear the momentum for WordPress will slow dramatically.

About Steve Borsch

I'm CEO of Marketing Directions, Inc., a trend forecasting, consulting and publishing firm in Minnesota. Prior to that I was Vice President, Strategic Alliances at Lawson Software in St. Paul where I was responsible for all partnerships at this major vendor of enterprise resource planning software products and services. Read more about me here unless you're already weary of me telling you how incredible and awesome I am.

Comments

  1. Right on! In fact, I’ll go you one better – *blogging* is dying because of Facebook, Twitter and LinkedIn! I’m sick and tired of receiving emails reporting spam comments on my blog, so I’ve turned off commenting. I’m sick and tired of going to Site Admin every day and checking for plugin upgrades, so I’ve deactivated all but the most essential ones. And I’m sick and tired of Google’s Speed Tracer telling me my site is slow and that I have to figure out how the Hell to set all the cache expiration times on dozens of components.

    WordPress is no better or worse than Drupal, Moodle or any of the other open source “content management” systems. They *all* require IT, and that is non-productive time. It doesn’t raise revenues or lower costs. So I’m seriously considering shutting down my blog. I had three Drupal sites for a while, then converted them to WordPress because I didn’t need all the Drupal functionality. Then I merged the three WordPress sites into a single site. I also had a Posterous blog and a Blogger blog that I nuked and migrated.

    I left Facebook in May, so I am down to my (WordPress) blog, LinkedIn and Twitter. I’m thinking I might just shut the blog down – upload the “interesting” stuff to a share on SpiderOak and use my hosting ergs to develop a service that enhances my Twitter presence in some way. Or just use Twitter and LinkedIn as my only self-publishing venues – the “New Twitter” appears to be a way to self-publish media, and that’s really all I need from a blog.

  2. I take no pleasure in your misfortunes even though “I told You So” :-)

  3. Steve,

    Are you sure this isn’t a problem with your web host? I have several dozen customer WordPress installs at Tiger Technologies http://www.tigertech.net/ and have never had a problem.

    See their WP hacks info page:
    http://support.tigertech.net/wordpress-remove-hacks

    See Matt Mullenweg’s April post about security stuff:
    http://wordpress.org/news/2010/04/file-permissions/

  4. Sorry, my comment sounds a little too flippant. I really do feel sorry for any misfortune.
    It’s times like this that I wish I still blogged, I could probably write a thesis in response to your post.

  5. Steve Borsch says:

    Ed,

    Believe me when I say that I feel your pain. One of the things many people I follow online seem to be doing is re-examining where they’re investing their time, energy and effort. I’ve seen the pendulum swing toward micro-communications (e.g., Twitter) to micro-blogging (e.g., Tumblr, Posterous) and now a swing back to longer form blogging. Why? Because it’s really, really hard to communicate anything of essence or intrinsic worth (IMHO) in 140 characters.

    I don’t have the answers, but am leaning toward pushing my self-hosted WordPress blog to Posterous. I’ve already migrated it with their tool but it’s a mess and needs hours of clean-up. The pluses are:

    + Post by email, my iPhone, iPad

    + My “digital assets” go to my Flickr, YouTube accounts as well as giving me the ability to ‘push’ the entire post to a private self-hosted WordPress blog (which would be for archival purposes only and eliminates one objection many have that the microblogging platforms “own” your blog)

    + Doing this removes a lot of the “friction” I’m feeling in putting forth effort that is, as you describe, “require IT and that is non-productive time”. So in many ways I’m going *back* to my original blogging model where I’d focus on the content vs. the container.

  6. Steve Borsch says:

    Randy — No worries….that’s why I jokingly pointed out that I was sure to hear from YOU! ;-)

    The Achilles heel of open source packages is that anything goes. That’s also why there is so much flexibility and freedom within WP as opposed to, say, Expression Engine. You should blog (which I’ve said often) so maybe a microblog like Tumblr or Posterous?

  7. Ironic that you posted this so soon on the heels of the announcement that Typepad/Movable Type has been bought, amidst rumors that stuff will be neglected, leaving, well…you know.

    Right on with your points.

  8. I think WordPress is dying as a blog platform!

    It's all because of Facebook: it's easy, it has feeds, your friends are there, you can fidelize any and anyone on Facebook, you can share everything with no programming knowledge. Also, WordPress is too heavy and has too many limits. For example, in my situation I'm still using DW to code CSS in WP, because the style options are garbage, or you have a mega framework that does it all for you and you have to learn to use that framework. In FB you put up some cool pictures and you are an SEO jedi!!

    I think WP is also nice for content management and that could be the way to success. I have a travel agency as a web designer; 90% of my clients are from the web. I would love to use WP on my site, but I can't because of SEO, so where can I put WP? As content management.

    Greetings from Brazil, happy new year