I started building and designing websites of some sort 26+ (?) years ago. This was back when tilde domains were popular and when I had a “Zine” hosted on Geocities. It was fun and I learned enough to later get work doing this very thing for others.
Over the years the practice of creating websites got more and more complex, I got older, and my professional practice got more specialized. As a result my skills have languished and personally I have little patience and interest in understanding the language I hear web developers using today.
I was at one time a self-professed expert in using MoveableType and created a number of custom themes for that platform for people who I was working with at the time. I made a fateful decision awhile back to join the herd, drop MT, and use WordPress for any hobby projects, including this weblog. Our nascent business is run on this platform as well.
Since that time, I’ve had nothing but trouble. I’ve had a whole project taken down due to miscreants using one of our installs as a file sharing node. Lately, bugs in various plug-ins keep me busy with meaningless tasks. The latest problem is a common one, someone gained access to our server and installed malware. The last time it was some kids from Indonesia with too much time on their hands. This time it was a number of different actors. In fact I have found out that our website sleeptightstories.org, a website for kids with completely insignificant traffic, is a popular target.
This nonsense has distracted me and taken me away from the work that I enjoy.
Though it’s a matter of perspective, I realize I’m at fault for not having an almost religious conviction to ensuring that WordPress and her plugins are update and secure.
Our current web host, Pair, is very pithy with server resources on our former plan. Updating a WordPress install has more than once resulted in errors that required a couple hours to correct, so I often delay updating each install until I know I have the time to devote to the possible problems. Auto-update seems to only work intermittently. According to Pair, this is likely why they were able to so easily infect at least one of our sites.
But who builds a product that is insecure by design? Like Facebook, WordPress seems to have consciously created a product which has resulted in a whole cottage industry of people who help small business owners manage how they reach their customers, and keep their WordPress installs secure and spam free. It shouldn’t be necessary.
This is I hope the last time I make this mistake. Going forward I will be evaluating our relationship with Pair (I’ve been a customer for 20+ years), and have in the interim moved our WordPress installs to a new far more expensive managed hosting account.
We’ve already decided that our future lies with services like Squarespace, and not something built by myself. Goodbye Apache, hello nginx and whatever Squarespace runs on.
I can’t help but feel a little sad that the days of having fun with building websites are over, at least for a hobbyist like myself. I just don’t have time for all the inevitable problems that arise, nor unfortunately, the time to learn how to create something robust.