Tag Archives: CMS

blogging listserv mailing list Moveable Type Online News plugin RSS security Windows WordPress Wordpress Automatic Upgrade

Keep your WordPress site from being hacked with automatic upgrades

I’ve already written about what to do once your site has been hacked, but let’s talk a bit about hack prevention.

I think it’s fair to say that most people manage their own WordPress installation because they have some programming background and want a little more control than you get with a hosted solution like Blogger or WordPress.org.  Webmasters like you and me usually know a bit about security and how important it is to keep things up to date.  The problem is that every minute spent upgrading your CMS to the latest version is a minute not spent writing or running your business.

So you know you should download the latest patch, make backups, disable, plugins, install… but it’s already 1 a.m. and you need to meet clients in the morning, so you put it on the back burner and your site ends up hacked.  What’s the solution?  If you’re Technorati, the solution is to motivate bloggers a bit more by threatening to delist them.  I can understand their point of view.  But how about something a bit more positive – automation.

There are two ways I’ve automated WordPress upgrades.  One is through Fantastico, which is a really cool script management system that your web host should probably provide.  I’m giving up on Fantastico, though, because it takes a long time for it to notice updates.

The second way I just tried out recently is the WordPress Automatic Upgrade plugin.  I’ve tried it out on three blogs now and so far so good – it hasn’t skipped a beat.  This functionality really needs to be folded into WordPress itself – with 2.5, they added the ability to automatically upgrade plugins but it seems like most security holes lately are found in the WordPress code itself.

That plugin is WordPress-only, but I recommend doing some research to see if there’s something similar out their for your blog software or CMS.  Even if WordPress never has another security bug, there’s always Joomla, and Drupal, etc…

Weekly listserv journal – CMS and blogging software

As part of a class project I’ve been reading the Online-News mailing list and responding to some of the issues and discussion brought up there.

This week did not see a great deal of discussion per se.  One poster asked for useful/innovative tools that CMS (content management systems) have.  The only response so far said that flexibility was the best feature his CMS had, so that his programmers could add/alter modules without paying a bunch of money for consultants.   In his site, they added RSS feeds and added a simple interface for editors to use.

Last week there was a long thread that started when someone asked which blogging software they should use for a student project on a Windows platform. One suggestion was Moveable Type, and there was some back-and forth about how easy it is to make changes to built-in templates with CSS.  Typepad and Pmachine were two alternatives that were also mentioned.  There was some talk about integrating it into a CMS and even using Flash (which one writer pointed out, might be silly if most of the content is just text).  Several people talked about the difficulties they had setting up MT for multiple authors, and gave some suggestions to make it easier on the original poster if they decide to go that route.  RSS was also mentioned, which is something I know little about and should probably look into.