I may be preaching to the converted on this but…
I like WordPress (in fact I like most .php-based products).
I’ve tried Ghost and thought it was meh. I’ve worked with Drupal and thought it was alright (if slightly over-engineered).
But I *like* WordPress.
However, the more time I spend with it, the more I realise that WordPress has shortcomings, here and there.
It’s a pros and cons argument.
Yes, there is a very large user community developing features and facilities for the (functional and non-functional portions of the) application.
And this is good. This huge, hardcore team of developers are continually turning the WordPress product in to a much more sophisticated tool.
But there are also some naughty people out there, attempting to bugger up some people’s WordPress installations.
Just for a laugh.
When I was in LA three years ago, one of my WordPress-based websites was hacked.
It was a relatively straightforward task to get in to the back-end and fix the website. It was just frustrating that it had happened.
Though, interestingly, I believe I would fix the problem in a much simpler way these days.
But here are a couple of simple golden rules that everyone should undertake to protect their WordPress environment:
- log in as administrator
- create a new user (with a non-obvious name)
- promote that user to administrator
- log out as administrator
- log in as the new administrator user you have just created
- delete the old administrator account
And while I’m on the patronising subject of the blindingly obvious:
- never publish content from an admin account – use an author/editor role
- change your passwords frequently (and use a random password generator for security)
But don’t worry about deleting your admin user if you have been posting from content from it – you can just assign your new author/contributor user as owner of the legacy content, and then you don’t lose anything.
Maybe you already know these things.
But we’re never to old to learn, are we?