August 2015 is actually a pretty big month for me. It marks 10 whole years of blogging. Back in 2005, I was using blogger.com. Originally created by Pyra Labs 1999, Google bought them and their blog service in 2003. Blogger blogs were primarily hosted by Google via subdomains. This meant you could have your very own blog with your own partially customizable URL for free and without having much technical knowledge. In 2005, that’s what I did. I think I may have been technically capable of hosting my own blog, but in 2005, I was just entering my senior year of high school so money wasn’t that plentiful.
I wrote for that blog continuously up until October of 2010, a few months after I graduated from college. By that time, my technical know-how had increased substantially. For two years, I created a handful of short-lived blogs before deciding that I wanted to restart a primary personal blog as I had done in 2005. This time though, I knew I could have my own domain and host the site myself.
There may be some hardcore web developers out there who write their own blogs manually via HTML, but it’s really not the norm. Most blogs are run by software you install on your server. For our own Small Dog blog, we use software called Textpattern. Other well known blogging software includes WordPress, Movable Type, Drupal, Joomla and TypePad.
For my purposes I installed WordPress. It’s free, widely used and has an extensive plugin library and community support. The wide use has a pretty substantial drawback though. WordPress is frequently the target of attacks and exploits. Every time I mention that I’m hosting WordPress on my server, Morgan, my fellow IT person here at Small Dog shakes his head and remarks about how many risks I’m taking.
I really love the software though, so how do you help protect yourself, your server, and your installation of WordPress? I recommend the following “musts”:
- Updates – WordPress updates are pretty frequent at a rate of one or two a month. Plugin and theme updates may be more frequent depending on the plugin or theme. There’s no excuse not to keep on top of this and install those updates! WordPress makes it easy to install them right from the browser and it notifies you which things need updating.
- Jetpack – Jetpack is an advanced plugin that offers lots of enhancements to WordPress and I would certainly suggest it for all those reasons, but it also offers enhanced security. You can whitelist IP addresses for logins and it offers a captcha system for additional security. Each time I log in I see how many malicious login attempts have been blocked. Answer: a lot.
- Akismet – Akismet is a comment spam filter that works exceptionally well. If you’re a non-commercial blog, you can use it for free. It’s easy to install and configure and I’ve gotten literally 0 spam messages since installing it over a year ago.
- Rublon two-factor authentication – Two-factor authentication is such a powerful tool to secure any login system. You can now add that power to your WordPress installation with this easy to install and configure plugin. This particular system uses email-based authentication, so you don’t even need a token system. There are other token-based two-factor authentication systems available though.
Overall, I’ve been very satisfied with WordPress and I like that it provides both ease of use but isn’t too hard to extend for a web developer like myself. If I wanted lots more customization, I might use something that leaned more towards a CMS (Content Management System) like Drupal or Joomla. For now though, WordPress suits me well and despite Morgan’s words of caution, I think I’ve secured my installation pretty well.
Happy blogging!