
Re: Current blog performance problems

From: Renoir Boulanger <renoir@w3.org>
Date: Fri, 17 Jan 2014 13:53:24 -0300
Cc: List WebPlatform public <public-webplatform@w3.org>, Etienne Lachance <el@elcweb.ca>, Julee Burdekin <jburdeki@adobe.com>, Doug Schepers <schepers@w3.org>, Ryan Lane <rlane32@gmail.com>
Message-Id: <36C8D91B-5891-44B3-BBB8-5601CD931F0C@w3.org>
To: Jen Simmons <jen@jensimmons.com>

Yup, I agree completely. I just haven't had time since I was migrating to a new host and then went on vacation.

Renoir 
~

On Jan 17, 2014, at 1:39 PM, Jen Simmons <jen@jensimmons.com> wrote:

> I am wondering what else we can do to improve the blog problems.
> 
> 1. Upgrade from WordPress 3.6 to 3.8
> 
> You should always upgrade WordPress to the latest version every time a new version is released. It should be a top priority to upgrade immediately. Otherwise the WordPress installation will get hacked. And I do mean will, not might. It eventually happens to every WP install ever. Applying upgrades will prevent problems. And backing up the database continually, and keeping an archive of backups for at least six to twelve months, maybe more, is also key to not losing the content. I've built many, many WP sites, and had to revive hacked sites many, many times (for clients who didn't keep the software updated).
> 
> This is what happens: Automattic finds a security flaw and fixes it. Hackers read the new code, and write bots to exploit the newly-closed hole. Their bots crawl the internet looking for any sites that have not upgraded yet and infect WP databases with malicious JavaScript. For a while your site sits there fine, nothing wrong, while the malicious code hibernates, usually for months. Then, eventually the malicious code is activated. It usually spreads hidden links, pages and ads all throughout the site, to produce results for blackhat SEO companies. You can't just restore a database from last week or last month. Usually you have to go back to a database from 6 months or a year ago to have clean data. Or manually search the database for the hundreds of instances of spam scripts. It's a real pain.
> 
> Don't ever run WordPress two versions back. Upgrade immediately. Especially on a host that's doing little to block these kinds of hackers.
> 
> Which also means don't fork WordPress or create any kind of fragile custom code that might prevent easy, clean upgrades. Or use Plugins that are not well maintained. You'll need to be able to upgrade every time, immediately, without hassle.
> 
> Jen



Received on Friday, 17 January 2014 16:53:39 UTC
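
Added example, not part of either message in this thread: a sketch of the two recovery tasks the quoted message describes, searching stored post content for injected scripts and hidden links, and walking an archive of dated backups to find the newest one that is still clean. The indicator patterns, function names and sample rows are assumptions constructed for illustration; real matches need manual review because legitimate posts can contain embeds.

```python
import re
from datetime import date

# Heuristic indicators (assumed for this example, not taken from the thread):
# script tags stored in post content, and links hidden with inline CSS.
INDICATORS = {
    "script_tag": re.compile(r"<script\b", re.I),
    "hidden_link": re.compile(
        r"<(?:div|span|a)\b[^>]*style\s*=\s*[\"'][^\"']*"
        r"(?:display\s*:\s*none|visibility\s*:\s*hidden|left\s*:\s*-\d{3,}px)",
        re.I),
}

def scan_rows(rows):
    """rows: iterable of (post_id, content). Return [(post_id, indicator), ...]."""
    hits = []
    for post_id, content in rows:
        for name, pattern in INDICATORS.items():
            if pattern.search(content):
                hits.append((post_id, name))
    return hits

def newest_clean_backup(backups):
    """backups: {date: rows}. Return the most recent date with no hits, or None."""
    for day in sorted(backups, reverse=True):
        if not scan_rows(backups[day]):
            return day
    return None

# Constructed sample data standing in for post rows exported from each backup.
CLEAN = [
    (1, "<p>Welcome to the blog.</p>"),
    (2, '<p>See <a href="/docs">the docs</a>.</p>'),
]
INFECTED = CLEAN + [
    (3, '<p>Update</p><div style="position:absolute; left:-9999px">'
        '<a href="http://spam.example/">pills</a></div>'),
    (4, '<p>News</p><script src="http://bad.example/x.js"></script>'),
]
BACKUPS = {
    date(2013, 6, 1): CLEAN,
    date(2013, 9, 1): INFECTED[:3],   # dormant injection already present
    date(2013, 12, 1): INFECTED,
    date(2014, 1, 10): INFECTED,
}

if __name__ == "__main__":
    for post_id, name in scan_rows(INFECTED):
        print(f"post {post_id}: {name}")
    print("newest clean backup:", newest_clean_backup(BACKUPS))
```

With the constructed archive above, the last week's and last month's backups are already infected, so only the backup from months earlier is usable, which is why the retention window matters.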

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:20:57 UTC