W3C home > Mailing lists > Public > public-webplatform@w3.org > January 2014

Re: Current blog performance problems

From: Jen Simmons <jen@jensimmons.com>
Date: Fri, 17 Jan 2014 11:39:16 -0500
Message-ID: <CAB0bRKNNE6yX1KjPT3Q_frwnUxRd2CCT2Ycyn_Vi9gY47AubZw@mail.gmail.com>
To: Renoir Boulanger <renoir@w3.org>
Cc: List WebPlatform public <public-webplatform@w3.org>, Etienne Lachance <el@elcweb.ca>, Julee Burdekin <jburdeki@adobe.com>, Doug Schepers <schepers@w3.org>, Ryan Lane <rlane32@gmail.com>
I am wondering what else we can do to improve the blog problems.

>
> 1. Upgrade from WordPress 3.6 to 3.8
>

You should *always* upgrade WordPress to the latest version every time a
new version is released. It should be a top priority to upgrade
immediately. Otherwise the WordPress installation will get hacked. And I do
mean *will*, not might. It eventually happens to every WP install ever.
Applying upgrades will prevent problems. And backing up the database
continually, and keeping an archive of backups for at least six to twelve
months, maybe more, is also key to not loosing the content. I've built
many, many WP sites, and had to revived hacked sites many, many times (for
clients who didn't keep the software updated).

This is what happens  Automattic finds a security flaw and fixes it.
Hackers read the new code, and write bots to exploit the newly-closed hole.
Their bots crawl the internet looking for any sites that have not upgraded
yet and infect WP databases with malicious javascript. For a while your
site sits there fine, nothing wrong, while the malicious code hibernates 
usually for months. Then, eventually the malicious code is activated. It
usually spreads hidden links, pages and ads all throughout the site  to
produce results for blackhat SEO companies. You can't just restore a
database from last week or last month. Usually you have to go back to a
database from 6 months or a year ago to have clean data. Or manually search
the database for the hundreds of instances of spam scripts. It's a real
pain.

Don't ever run WordPress two versions back. Upgrade immediately. Especially
on a host that's doing little to block these kinds of hackers.

Which also means don't fork WordPress or create any kind of fragile custom
code that might prevent an easy, clean upgrades. Or use Plugins that are
not well maintained. You'll need to be able to upgrade every time,
immediately, without hassle.

Jen
Received on Friday, 17 January 2014 16:39:44 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:20:57 UTC