How the Scobleizer Ruined My Weekend But Saved My Blog (For Now)
Robert Scoble was in a perfect storm: He’s one of the most high profile tech bloggers who is using WordPress which is pretty much the most popular blogging platform right now. And what Robert recently discovered was the combo of these two pinnacles of popularity made him a target for hackers who infected his website, and destroyed some his content in the process. Sadly the first two things that Scoble didn’t pay attention to are common in the blogging world: He was using a previous install of WordPress (2.7x) and hadn’t backed up his blog. Now notice that I didn’t use the phrase “what Robert did wrong” because the fact of the matter was that I was guilty of the very same behavior, and I suspect many other bloggers are too.
So why didn’t I upgrade to the latest version of WordPress and how come I haven’t kept backups? Last year when I ditched MovableType and former hosting provider I made the jump to WordPress. I was impressed with the fact that as a non-programmer or Unix admin I was able to do an install with just a little bit of grief. However this was October of 2008 and the version I picked was 2.6x which was the latest at the time.
The problem with this version is that there isn’t an auto upgrade, also I suspect that like Scoble I represent the 10% of bloggers who have a ton of content on their blog. So doing an upgrade becomes a major operation, also if you have any real traffic the few hours you are down for aren’t trivial as visitors may be coming to a broken site. My other problem is that with 2000 posts backing up the site is also a non-trivial matter as well as it can take some serious time to export all that content off site.
So since I made the jump to WordPress I’ve been very happy, however I kept putting off upgrades and doing backups. This isn’t surprising because my focus in life is creating content and I don’t do programming or systems administration for a living, so seeking professional help can cost me money I don’t have. So when I read Scoble’s blog entry I knew that I was looking in the mirror, and I didn’t like what I was seeing.
I had already made plans for this weekend, and they pretty much involved everything except for upgrading my blog. However on Saturday I bit the bullet and went to work. I won’t lie, it was painful: The backup process alone started with me exporting a one gig text file which I downloaded — the file was so large that I couldn’t even find a text editor to take a sneak peak to see if my backup worked. Upgrading to WordPress itself went pretty smoothly, but I hit a real wall with one or two plugins that I had installed.
Sometime well after midnight on Saturday I declared victory after everything was solid. But it was a hollow victory at best: Except for this blog entry my visitors will never notice what’s under the hood. And of course it has made me realize that I need to create some sort of process to backup the blog on a regular basis, which is creating work for me that I rather be using for other tasks.
Looking back at it I think Scoble is wrong to state that he doesn’t feel safe with WordPress because while that version of WordPress is a pain to update as a tech journalist he should have known about the need to do backups. Also I’m surprised by the response of RackSpace who should see this a gap in what they do: To claim that backing up a blog is the domain of content is wrong. When I did my initial backup I had to go into my hosting panel and access MySQL which is the database that all of my WordPress content is stored in. Certainly this is the sort of operation that can be automated by a hosting company — and not just RackSpace but any hosting company.
I think next some blame needs to go to WordPress. To be fair they’ve been very agressive about security for the last year or so, which is why I feel safe with the latest version. And I also feel like they’ve addressed the need to have auto-updates as it was my misfortune to be a version too late to be on this wagon. However that said I think that as part of security WordPress should have some automatic mechanism to backup your MySQL database to external text file.
Now I bet without looking that there may be plugins to do this — but frankly plugins are a bad solution. Because plugins are so popular the quality of them varies a great deal. Not only that but using too many plugins is a bad idea in WordPress, so my gut feeling is that this automated functionality needs to be in the core product. There’s already an easy to use export interface so why not give me the option to automate it?