Here a Hack, There a Hack, Everywhere a Hack, Hack
(Updated 2015 version)
In this world where hacking seems to be de rigueur, it is becoming more and more difficult and important to have a secure blog. The attacks that began a couple years ago on WordPress sites left an especially sinister taste in my mouth. But every single node along the information superhighway can be hacked. Heartbleed infiltrated via certain models of Cisco routing equipment. Little guys and big guys are not safe. Banks are robbed in real life. Sites are hacked in real life.
It seems that there may be a staging happening for a future truly sinister attack. I am not a conspiracy theorist! (Pardon me while I stamp my feet in vehement disagreement and adjust my tinfoil hat.) War is raging. It isn’t clear what the purpose of many of these hacking attempts might be. This is one of the most worrisome aspects of the hacking.
But do what you can. Keep your site up to date via software and plugins. Don’t host abandoned sites that you aren’t keeping up on your self-hosted account just because you can. If you have an account with a host and you have three sites on it, but two of them are just for testing or to maybe be developed in the future, and these two are not kept up to date as rigorously as your primary site – take those sites down. They are veritable thru-ways for hackers. Hackers want your server, not your blog.
Your chip embedded credit card info can be scanned from a distance, stolen, if you do not employ an RFID shield to protect your cards. Mortgages, bank accounts, and credit companies have all lost private data, client data. And these data losses are from these major sites.
So it isn’t surprising that hundreds of thousands of smaller sites have been hacked.
I have moved my business from a self-hosted to a managed host. I may also be moving to another hosting company for my non-commercial site. Because I am an impoverished blogger I will be learning how to maintain much of the site myself; it may take a while, but it will be worth it. Managed and maintained are different things in the hosting world, but I will take that on at another time.
Why am I switching?
I need a different hosting company. I need a server company that I trust and that will be reliable and can let me know if anything looks flaky. Fiduciary responsibility mandates I do the best I can. I need to know that I will have backup that will kick in should anything happen at their primary location. I want a U.S. based company. I want a company that will take it seriously if sites that share a server with me suddenly look like Swiss cheese from a security standpoint.
Many hacks of websites are simply to use the websites as tunnels to the servers. I want to work with companies who are diligent in their attempts to foil hackers.
As a semiotic anthropologist I know something about information, more than most, but I do not know that much about computer security although I probably know a lot more than most bloggers. This is the most straight forward account I have found of security and the current situation bloggers are facing:
While these attacks against popular content management systems are nothing new, the sudden increase is a bit worrying. Until the botnet in question is taken down, however, there is not much that can be done aside from ensuring you are taking every precaution. That includes using a solid username and password combination as well as ensuring your CMS and plugins are up-to-date. From: The Next Web.
Tucson is a cool place that attracts cool people. That is a metaphor folks, it is hotter than blazes here in Tucson right now. I like supporting local community, and I like supporting local businesses. And Tucson is a blue oasis in a sea of red. And it has good karma. People have lived here for thousands and thousands of years; some say humans have been here for over 10,000 years. You can read more about community and good juice or strong referral and reputation credentials in the second part of my Juice, Juju, Karma, and The Business of Blogging.
It is difficult to decide what is the best platform for you. I hate to say it, but if you are a small blogger that operates as a small business working on the solo-preneur model, you may be up a creek without a paddle. Security costs. Ad Sense and Etsy incomes just are not going to cover a hiring a developer to create a Drupal site for you. (Think tens of thousands of buckos.) If you are someone like me who is thinking about being able to sell digital downloads in the near future you know that you need a site over which you have control. No one will take a iwantafreewebsite.blogspot.com seriously as a major business. If you do not have control over your own website and do not own your domain, which is your basic online branded identity, you do not own the most important intellectual property associated with your blog.
This is why most bloggers who leave their blahblah.blogspot.com or blahblah.wordpress.com sites for self-hosted websites do so. There are other popular platforms used for blog hosting, but WordPress has the largest percentage of the blog market. Some would argue that makes it a reason to not use WordPress as it makes it a huge target. At one time that might have been an issue, but now with increased security and the general growth and maturity of Automattic, the company behind WordPress, the argument is moot. The company has very specifically addressed security with the purchase and incorporation of Akismet and Brute Protect.
Most of the bloggers I interact with on a regular basis are either running collaborative sites or will be selling digital products if they are not already doing so. With the hacking, the vast number of plugins a blogger has to use to have a sophisticated site you, it is not unreasonable to have to do several updates a week to keep up-to-date with security releases.
I was VERY uncomfortable with my attempts to create a pay site on a self-hosted WordPress site. By the time I added up my costs for a somewhat secure framework, a responsive child theme, a payment gateway, social media, and curation plugins I am spending way too much money and time with too many different sellers, plugins and updates, for products that while they are much safer than the free versions of similar products, are by no means guaranteed to be secure. If I am going to have to do all that I want a system where my efforts will allow me to scale up to add e-commerce, meeting software, webinar, direct feeds from my social media accounts, and integration with them for posting, and publication software.
So I am now hosting my business site through a well-established provider on which my ecommerce will be channeled on Rainmaker. And surprise, surprise, this is a WordPress-derived platform.
As long as I own my domain, and keep backups of my content, I would rather deal with one known agent rather than a dozen vendors from who knows where.
Feel free to ask questions. I will attempt to answer them, and if I can’t do that, I will talk to my network and get the answers.