Last week, I was going to upload some photos from the recent Girl Geeks event at Canva to my blog when I noticed a strange folder in my FTP directory called “PDFs.” Crap. Yep, my site had been hacked again. It was filled with PDFs for Viagra and all kinds of crap. (What the hell is even the point of that?!) This happened a few months ago and I worked with my host to lock it down, but obviously the exploit is still there. We’re not sure if it’s my code (which is pretty simple, really, mostly just writing and reading text from DB) or whether the shared server has been compromised. But it was just too much. I gave up, took the whole site down, and put up a holding page. I was through.
The next day I was having coffee with my friend John Allsopp, who asked me about it. (There were some rage tweets.) I told him I was mulling options. “Why don’t you use WordPress?” he said. What?! I’d never used WordPress before. For someone who’d written their own CMS, it seemed like cheating. And didn’t it get hacked all the time anyway? (Not that my CMS was doing much better.) He was like, “Look, I’m old school too but some stuff is just too much work.” So I started thinking about it, and then this weekend I took the plunge.
And here we are! I had a lot of fun figuring out how to import 13,000+ blog posts and 25,000+ comments. But I got there. The Snook helped me out with mod_rewrite so all my old post URLs should hopefully resolve to the new locations. Today I sorted out the theme, added some extra pages, and started categorising and tagging. (My CMS never had fancy things like that.) I got Instagram and Twitter auto-posts set up. I also moved over the sock monkey tutorial, as it was the most popular thing on the old site. I’ve still got heaps to do – all of my old photo pages are currently 404ing, for a start – but so far I like this. (Oh! And I’m on a new host too. I saw several people on MetaFilter recommending A Small Orange, so I figured I might as well make a clean break. RDF will remain on the old site until I can port it over.)
Comments are back on (for the time being). Any WordPress old-timers have any advice for me? Especially around hardening this thing. I’ve already implemented several security measures, but feel free to hit me with recommendations if you’ve got ’em. I want this sucker LOCKED DOWN.