There has been a spate of hacking activity just lately on blogs hosted on less than secure servers owned by second rate hosts. I won’t name and shame here, but I can say that one of my blogs was hacked today and its not the nicest of things to be confronted with when all you’re trying to do is make a buck online.
Luckily for me, the hacked blog was only 20 pages and not a direct money earner. So rather than faff around trying to extract all the defiled files and weed out the infected parts of the database, I created a static version of the site. Its easy enough to do as long as the blog is not too big and the file/folder structure not too complex.
I then uploaded the static files to my server’s home folder, moved all the WordPress files/folders into a temp folder and tested the site to make sure it didn’t throw up any errors. It came up clean and looking good. So I went into cPanel and deleted the mysql database, user and the temp folder I stored the Worpress files in.
Probably done quicker than it would have taken me to fix the hack and get the blog back. Which is nice, because it means I no longer have to worry about that site. If it gets hacked again, which is less likely now there’s no database and CMS backdoors for hackers to exploit, I can just delete everything and upload the clean files via ftp in under a minute!
These days, I build all of my new sites as static. WordPress has become too much like hard work keeping up with their constant upgrades and then keeping an eye out of plugin upgrades too. They keep coming all the time and if you don’t upgrade when they do, you can be left open to attack. That is one crap system with a capital C.
With the multi-user version of WP, its not so easy to go back to static, especially if you’re hosting blogs belonging to other people on your main install. All you can do in that case is make sure you keep up to date with all those damn upgrades and keep plugins to a bare minimum. And get a secure password at least.