Back in the day, like way back when the iPhone gen 1 was announced and Lucky Strike cigarettes (“It’s Toasted”) were still sold in the USA, I started to experiment with writing my thoughts and things online. Back then we had things like MySpace and Facebook where folks would write long updates in a “short-format” blog post… Remember Xanga? If you were a creative type there was also DeviantArt and eventually Flickr took to the scene as the proto-hipster place for photogs.
All of those “free” platforms were great for exploration and the occasional moaning about the myriad of mundane and annoying crap that no one really cares about; However, you still wrote that garbage because it got likes, attention, and occasional comments of support and comradery. If you wanted more control of your platform you had to think a little harder past your hotmail address and a seriously weak password. Did I mention that there were also free forum solutions like ProBoards?
Now that I covered most of the legacy social communication solutions let’s take a look at the age of blogging. The giant of that domain started to emerge in the midst of Mambo and Joomla (and eventually Drupal) slapping contest, which were the first popular and fully functioning php based content management systems. I’m talking about Wordpress. WP was a simple, flexible, blog-first CMS. Downloading, deploying, and customizing WP installations wasn’t exactly a cake-walk in the beginning but with a little know-how and research it was actually quite easy compared to its predecessors. At some point if you had a shared hosting account with BlueHost (I still do, it’s great), or another major shared web hosting provider, your Control Panel received an update that allowed you to install WP with a single click, how awesome is that?!
It is, indeed, very much the “bees-knees” but it also ushered in the age of php-based vulnerabilities and WP bloat. Now we have an ocean of WP blogs, some real and a legion of abandoned and never updated installs, alongside WP hosted accounts (basically more of the same thing but franchised). With well deserved accolades and attention came a whirlwind of php developers building anything from social media plugins to full on professional and pricey themes. The Achilles’ heel of this wonderful software is, and always will be, security.
As anyone can expect popular software receives a lot of good and equally bad attention. The good stuff was in the aforementioned plugin and theme development. Anything that you could ever need or want was probably already developed, all you have to do is search for it in the WP plugin directory. What was also plentiful and already developed were security hacks and code made specifically to exploit the myriad of vulnerabilities plaguing the system. Right. There. In. The. Plugins. Major and intermittent versions of WP kept on rolling out in an attempt to plug the onslaught of security leaks but two main facts remain constant to this day: thousands of rogue and abandoned installs remain unchanged, WP remains the most targeted CMS in terms of security and brute force attacks.
It’s important to note that I’m not running a WP smear campaign. I have worked with and maintained WP installs in the past and find the CMS actually quite useful and user friendly. WP is hands down the easiest and most common-sense solution for projects/websites that are meant to be put up quickly and have multiple contributors right away, or in a sitution that demands a quick blog solution RIGHT NOW (WP target audience). This article is part 1 of my post entry and automation process, it has nothing to do with WordPress aside from highlighting the popular blogging platform and the number one reason that I abandoned it.
Next up, “Post Entry Process - The Setup”
For more research concerning WP security woes:
Thanks for reading, until I write stuff & things again, I’ll catch you on the flip side.