Don’t host your own code
David Reese — September 9, 2009
Last week, an internet worm started burrowing around blogs running the WordPress blogging software. Individuals, nonprofits, and small businesses hosting their own WordPress blogs were broken into and spammed with porn links. Internet personality Robert Scoble thought he had fixed his blog once, but then, “They broke back in, but this time they did a lot more damage. They deleted about two months of my blog. Yes, I didn’t have a backup.”
Security updates and backups are part of the significant responsibility you take on when you host the code for your own website. This is something I’ve been thinking a lot about lately, and the issues with WordPress have a number of techie bloggers coming to the same conclusions. Screenwriter and blogger John August said it most clearly: “Most people shouldn’t be running their own blogging software.”
Hosting your own code
If you want to go beyond a static website and add weblog content to your website, or if you need a content management system (CMS) to ease site maintenance, many web designers will choose to install and set up open-source software on your shared server. WordPress and Drupal are the most common examples; some paid packages are also popular, like Expression Engine or Movable Type.
Much of this software works reasonably well for basic sites with simple layouts. And by hacking at templates, installing plugins or modules, or writing your own code, you can eventually make your site do just about anything you need. But at the end of the day, the web developer – a consultant, or if you’re lucky, a family friend, or even someone on staff – hands over the keys: the site is yours.
What does this mean? Basically, there’s a directory over on your server that’s full of script files. Unless you pay a diligent web designer/developer to keep up the site for you, maintaining those files is your responsibility.
To keep your website free from spam and hijackers, it’s important to keep abreast of updates to your software, and to install updates soon after they come out. Conscientious users of WordPress would have upgraded to version 2.8 in June, then installed security updates on July 9, July 20, and August 3, finally ending up on version 2.8.4, released on August 12.
Usually, installing individual updates is easy, but depending on what kind of plugins or modules you have installed, sometimes the updates can break your website. Fixing the problems can be tedious, and sometimes requires significant technical knowledge.
To be prepared for emergencies, backing up your site is important – if your server crashes or your blog gets hijacked, is your website safe? But in dynamic websites that change regularly, the addition of a database complicates things. Backing up the database requires special scripts that run every day, extracting your data from your database and then sending the data to a backup server.
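The daily dump-and-ship job described above, written out as an added example (it is not code from the original post). The database name, backup directory and backup host are placeholder assumptions, and MySQL credentials are assumed to be in `~/.my.cnf`. The verification step is there because a dump that was cut short still produces a file, and you only find out when you try to restore it.

```shell
#!/bin/sh
# Added example: nightly database backup with an integrity check before upload.
# DB_NAME, BACKUP_DIR and BACKUP_HOST are placeholders; set them for your site.
DB_NAME="${DB_NAME:-wordpress}"
BACKUP_DIR="${BACKUP_DIR:-/var/backups/site}"
BACKUP_HOST="${BACKUP_HOST:-backup.example.net}"
KEEP_DAYS="${KEEP_DAYS:-14}"

# verify_dump FILE: succeed only if the gzip stream is intact and the SQL
# ends with the "-- Dump completed" trailer that mysqldump writes last.
verify_dump() {
    gzip -t "$1" 2>/dev/null || return 1
    gzip -dc "$1" | tail -n 1 | grep -q '^-- Dump completed'
}

# prune_old DIR DAYS: delete local dumps last modified more than DAYS days ago.
prune_old() {
    find "$1" -name '*.sql.gz' -type f -mtime +"$2" -exec rm -f {} +
}

run_backup() {
    umask 077                                   # dumps hold user data
    mkdir -p "$BACKUP_DIR" || return 1
    out="$BACKUP_DIR/$DB_NAME-$(date +%Y%m%d).sql.gz"
    # In plain sh a pipeline reports only gzip's exit status, so a failed
    # mysqldump is caught by the trailer check below, not here.
    mysqldump --single-transaction "$DB_NAME" | gzip > "$out.tmp"
    if ! verify_dump "$out.tmp"; then
        rm -f "$out.tmp"
        echo "backup of $DB_NAME failed verification" >&2
        return 1
    fi
    mv "$out.tmp" "$out"
    rsync -a "$out" "$BACKUP_HOST:backups/" || return 1   # off-site copy
    prune_old "$BACKUP_DIR" "$KEEP_DAYS"
}

# Only act when called with --run (for example from a daily cron entry).
if [ "${1:-}" = "--run" ]; then run_backup; fi
```
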
Hosted solutions: the alternative
Some websites need custom setup or programming, and for them, there’s no escaping the need for installing customized code on their own server. But most websites and blogs have similar needs, and don’t need that added responsibility. Luckily, there are many hosted solutions available. For hosting simple blogs, the most common providers are Blogger and WordPress.com; more complicated websites with custom designs will need a more powerful hosted CMS. To explain the advantages of a hosted system, let’s take the Percolate CMS as an example.
If your website is hosted on Percolate, the code that runs your website is no longer your worry – it’s managed by Percolate. Ditto for the server, and ditto for daily off-site backups. (You don’t have to worry about a shared server, as I wrote in my last post.) And there’s nothing to install, so your web designer can skip that step and get up and running quickly.
John August compares hosting your own blog to baking your own bread — they both require more technical know-how, more tedious setup, and more maintenance and cleaning than the pre-packaged alternative (figure 1). Though I’m a big fan of home-made bread, his point is well taken. Most of us don’t have to get our hands dirty with the dough.
Fig 1. Prepackaged bread. [Credit: Sam Felder]