New digs
When John Gruber is right, he’s right. And he’s right about hosting your own WordPress.
Briefly – WordPress has a gigantic attack surface. It’s far and away the most popular web application as far as installed instances, and although the developers do a fairly good job with security, the sheer popularity means that as soon as new exploits are discovered, blogs get compromised almost immediately.
It’s not that WordPress isn’t good software – I think it is – but that running it yourself means having to constantly stay on top of security issues. What if I go on vacation for 5 days and don’t have computer access? Am I going to get hacked? More importantly, are the other applications also running on my server – including Journey, which is a commercial software offering – going to get hacked?
It’s just plain not worth it. Let someone else host my blog.
So I’ve done something I’ve been thinking about for awhile: I’ve moved this blog off my own servers and onto WordPress.com. For anyone currently hosting your own WordPress installation, I highly encourage you to seriously consider it too. It’s easy to do, it migrates all your comments, and it’s free-to-extremely-cheap.
Unfortunately, they don’t let you use just any WordPress theme, so I’ve set up a new one from their (fairly good) library. I actually think this one is an improvement on my old theme.
Anyway, enjoy, and please do let me know if you see any issues with the new blog.
One thing I noticed when teaching a class on blogging using the hosted wordpress – you get a lot less control over the blog (for example, you have to pay to have access to custom CSS that’s not in the template). Is there a way around that, or are you stuck either paying or going without the custom features when you host on wordpress?
Yes, that’s true. It’s not a lot of money, but it’s money. It does seem like they nickel-and-dime you a lot.
I’m not necessarily advocating WordPress.com for everyone, for this among other reasons. Tumblr, Posterous, DreamWidth, even Blogger seem like reasonable options too. I went with WordPress.com just because it was really easy to move my existing blog there, since I could just import everything in the XML dump and even have the attachments come across. But they’re probably not the best option for everybody, particularly if you want more control over your blog’s look and feel.
Makes sense. I think the nickel-and-dime-ing was what bugged me more than the need to pay for stuff. I’m about to give up on customizing my blog’s look mostly because I’m not a designer and, try as I might, my designs always look clumsy and out-dated. (Note that my Project 365 blog is a template, and I wrote the blacktabi one myself…)
I can say that I moved away from blogger because it was hard to customize, but it’s been several years since I tried it.
I find this font unreadable unless I increase screen size 3-4 times.
Andrew also mentioned that. I’ve switched it to a different font (you might have to shift-refresh to see the change). If that doesn’t work, I’m going to give up on custom body fonts and just let your browser decide.
Sadly not an option if you need the customization that comes with running it yourself. It only makes sense for them to limit your choices of themes and plugins, it’s one of the ways they can promise greater stability and minimize the attack surfaces. But it means I couldn’t run the Acapodcast page. Nor use the LJ crossposting plugin.
But then again, I’m not hosting anything of irretrievable value either. I’ll just have to keep making regular and reliable backups, and keep an eye on the updates.
(I do subscribe to the update announcements they provide)
Yep. There are definitely cases where WordPress.com is not the right tool for the job. I suspect there are probably other sites that specialize in podcast hosting that might, conceivably, work for your use cases, though.
When you host web-facing applications, of any kind, you’re accepting the risk that an attack might occur, and taking responsibility for trying to prevent it. That’s just as true of any other application you host yourself as it is of WordPress, of course, but WordPress is a really attractive target.
I once had a blog on WordPress. I think it died of neglect, though.
Love,
Your Mother