WordPress Sites – Batten Down The Hatches

There’s a WordPress bot going around breaking into sites that haven’t changed the default username and password.

Matt Mullenweg:

Here’s what I would recommend: If you still use “admin” as a username on your blog, change it, use a strong password, if you’re on WP.com turn on two-factor authentication, and of course make sure you’re up-to-date on the latest version of WordPress. Do this and you’ll be ahead of 99% of sites out there and probably never have a problem. Most other advice isn’t great — supposedly this botnet has over 90,000 IP addresses, so an IP limiting or login throttling plugin isn’t going to be great (they could try from a different IP a second for 24 hours).
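The reasoning in the quote above (a per-IP limit sees almost nothing when every attempt arrives from a different address), as an added example that is not from the original post or from WordPress: a per-IP counter and a per-account counter run over the same constructed log. The log format with its trailing user= field, the thresholds and all addresses are assumptions made for this sketch.

```python
import re
from collections import Counter, defaultdict

# Assumed format: combined-style access log with the attempted username
# appended as "user=<name>" (e.g. by a logging plugin); not WordPress's own.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) - - \[[^\]]+\] "POST /wp-login\.php HTTP/1\.[01]" '
    r'(?P<status>\d{3}) \d+ user=(?P<user>\S+)$'
)

def build_sample_log():
    """Constructed traffic: 120 failed 'admin' logins, one per second, each from
    a different address, plus one client failing 8 times against 'editor'."""
    fmt = ('{ip} - - [01/Jan/2013:12:{m:02d}:{s:02d} +0000] '
           '"POST /wp-login.php HTTP/1.1" {st} 3000 user={u}')
    lines = [fmt.format(ip=f"198.51.100.{i + 1}", m=i // 60, s=i % 60, st=200, u="admin")
             for i in range(120)]
    lines += [fmt.format(ip="203.0.113.7", m=5, s=i, st=200, u="editor") for i in range(8)]
    # A successful login (302 redirect) that must not be counted as a failure.
    lines.append(fmt.format(ip="192.0.2.10", m=6, s=0, st=302, u="author"))
    return lines

def failed_logins(lines):
    """Return (ip, user) per failed attempt. wp-login.php answers a failed
    login with 200 (form shown again) and a successful one with 302."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and m.group("status") == "200":
            events.append((m.group("ip"), m.group("user")))
    return events

def flag_by_ip(events, limit):
    """What a per-IP throttle sees: addresses with more than `limit` failures."""
    counts = Counter(ip for ip, _ in events)
    return {ip for ip, n in counts.items() if n > limit}

def flag_by_user(events, limit):
    """Per-account view: usernames with more than `limit` failures, mapped to
    (failure count, number of distinct source addresses)."""
    ips, counts = defaultdict(set), Counter()
    for ip, user in events:
        counts[user] += 1
        ips[user].add(ip)
    return {u: (n, len(ips[u])) for u, n in counts.items() if n > limit}

if __name__ == "__main__":
    ev = failed_logins(build_sample_log())
    print("per-IP flags:  ", flag_by_ip(ev, 5))
    print("per-user flags:", flag_by_user(ev, 5))
```

The per-IP view flags only the single noisy client, while the per-account view shows 120 failures against "admin" from 120 addresses, which is why the username and password matter more here than the throttle.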

It’s Hard To Get Baked

Justin Blanton wrote an extensive post about his site’s migration to a static Jekyll site hosted on Amazon S3. Dave Winer also did something similar earlier this month.

Reading over this reminds me of a mini-debate I had with someone on Twitter who posted this:


Of course, Brett is right. For many people WordPress IS overkill. This site, for instance, could be completely done in one of these static site generators, and I would probably like it. I’d save on hosting costs and wouldn’t maintain and monitor a WordPress database. I could lose the headaches of dealing with upgrades and plugin compatibility.1

So if WordPress is overkill why is it so prevalent? Because it’s WAY easier to get started with.

My web host, like many others, has a ONE-CLICK WordPress installation. Compare that to using tools like Jekyll, which requires going into a terminal window and typing in some scary looking commands. This is not for mere mortals.


My sister wants to have a website for her business. She needs a main page and a few other pages – and MAYBE a blog. She’ll never go into things like custom taxonomies, tags, categories. But, because she’s already familiar with using WordPress’s editing window, WordPress is the obvious solution for her. WordPress’s editing window, by the way, feels safe to her because it looks like Microsoft Word. I know we’re supposed to hate on Microsoft Word, but we’re living in a bubble.

Think about what it takes to use and install one of these static site generators. You should know how GitHub repositories work (I don’t, not really). You should know how the command line works (I don’t know how it works beyond ‘say’ commands). You should know how to set up an S3 bucket (I did this…once), or how to FTP into a site and upload all your images and other media (this I can do).

WordPress takes care of a lot of that stuff for regular people. Beyond earning nerd cred, what good, practical reasons exist for normal people to learn how a static site generator works?2

For all the complexity of WordPress installations, they are there if you want them and out of the way if you don’t need them. Most WordPress users will never have to deal with its advanced features.


  1. For what it’s worth, I can’t remember the last time I had an upgrade or plugin problem…but I keep it pretty simple here. 

  2. Of course, getting rid of a database and security vulnerabilities is a practical reason…but not for normal people. Not in a world in which web hosts will automatically upgrade your installation for you. 

The Original Wall

Steve Burge:

I always cringe when seeing people try to build an open source rival to Facebook. Projects like Diaspora gain publicity as a nice idea, but get little real traction.

However, I’ve come to believe that there is a potentially viable and very real open source rival to Facebook … WordPress.

That might sound silly at first, but hear me out:

Burge goes into how Automattic could provide unified identity across sites. I’m not so crazy about that, but I do agree that WordPress, and by extension blogs, are the original Facebook Wall.

The difference is that somehow blogging got mixed in with something people do in their mom’s basements. Meanwhile, attention-whoring on Facebook became socially acceptable.

I used to think that mindless updates on Facebook were a problem with its users, not Facebook, but I started doubting that when I began to see the constant pestering from the site to its users: UPDATE YOUR STATUS! LIKE PEPSI! TAG THIS PICTURE WITH EVERYONE YOU KNOW! UPLOAD YER PHOTOS—WE NEED YOU TO UPLOAD MORE PHOTOS! RSVP TO THESE EVENTS! YOU DON’T EVEN NEED TO GO!

Facebook’s stated goal is to “make the world more open and connected”, but in order to do that they’ve been playing this psychological trick, resorting to putting you on a mission to let everyone know about the most important person in the world.


Official Facebook for WordPress Plugin

Now there’s an official plugin to syndicate your WordPress install to Facebook profiles and fan pages. This is a feature Tumblr and WordPress.com have had for a while. Glad to see self-hosted users can now do the same.1

  1. Not quite as easy as Tumblr and WordPress.com make it seem. You can also check out Wordbooker, but looks like this got Sherlock’d. 

“Open Web FTW” by Matt Mullenweg

One of the beautiful things about the WordPress community is that it’s a lot of original content creation rather than just a few things being regurgitated over and over again, which is a fair criticism of what happens on social networks. I think of blogging as a craft. It’s something that you think about, that you try to do your best at. It’s part of your identity.

I really know very little about how WordPress.org works. I sometimes think about shutting this down and starting from scratch at Tumblr or Posterous. It would be easier for me, I wouldn’t have to worry about web hosts, and I’d get a nice reblog button.

But I get the warm and fuzzies whenever I read about what Matt values and think about what that means for people who use the software he founded.

Blackbird Pie

I’m now a fan of this WordPress plugin called Blackbird Pie.

Sometimes I want to post something that includes a tweet. Usually I’d take a screenshot of the tweet on Twitter.com, use that in the post, and link directly to the tweet. But with Blackbird Pie you can just embed the tweet using a shortcode.

If you find yourself wanting to comment on somebody’s tweet with more than 140 characters then Blackbird Pie may save you a bunch of time. It’s been baked into WordPress.com for a while, so it wouldn’t surprise me if it gets included with Jetpack soon.

How To Enable WordPress Post Formats

Wordcast details how to make your WordPress installation behave like a Tumblr site using post formats new to WordPress 3.1.

I dabbled in child themes late last year, so I’m not ready to reengineer my child theme (AND go through my archives) to enable post formats. Instead I’ve been doing what Ian Hines has been doing: using categories to indicate post formats and styling them if necessary.

Seems like post formats is a great feature for new users.