George Hannan’s Personal Site

For all sorts of reasons it’s been quite some time since I have focused on developing a personal website.

So I’m looking forward to getting back in the groove with something a little special here. I am using a very nice template I discovered, driven by the WordPress core. Does anyone recognise the template? And it offers the opportunity to develop some really nice additional features further down the line.

My previous personal site iterations were simple out-of-the-box WordPress blog-type sites. They were interesting and an opportunity to learn something of the web development craft. But the stock WordPress isn’t too far removed from an online word processor with some interesting added features – quite a few.

Most of standard WordPress is point-and-click, drag-and-drop, etc., with all the heavy lifting in terms of code and functionality being done behind the scenes by the core system files. A WordPress installation normally has somewhere north of 5,000 files in total. The WordPress core is an area requiring professional-level coding and development skills, somewhere the standard user dare not tread.

As an interesting aside, approaching one-third of the entire World Wide Web is powered by the WordPress core, in one form or another. Globally, that translates to a mind-boggling number of websites.

There are many implications to that amazing metric – I’d like to touch on two in particular:

First, with an installed base of that magnitude, there is plenty of demand for top-tier WordPress development skills. But top-tier is the only show in town; mediocre won’t cut it.

And secondly, unfortunately, such a potentially target-rich zone is irresistible to hackers everywhere. Furthermore, no site is too small to escape notice. Automated bots crawl the web seeking out vulnerable sites to exploit.

Having said that, the WordPress core is very secure. Best current secure coding practices are applied. However, absolutely no software or application on this planet is completely secure and it is a constant game of cat-and-mouse between the good guys and the bad guys – malicious hackers – who spare no effort in finding and exploiting new vulnerabilities, or old, in all websites, including WordPress.

I hope to spend a lot of time exploring and discussing cyber security issues here, but the most critical thing to maintaining a secure WordPress installation is ensuring the site is kept fully updated with the latest core file, theme and plugin updates. Most of this can be done automatically.

Experts indicate that applying an update within 24 hours of it being published is critically important, as in that time the bottom-feeders are aware of the particular vulnerability that is being patched and will already be seeking out vulnerable sites that have not applied the updates. More than a week without applying updates is simply asking for a site to be hacked. And it will be – but make sure responsibility and accountability are attributed to the right source, those tasked with the updating. Don’t blame WordPress!

One veteran top-tier WordPress developer that I’m aware of has stated publicly on the record that in the 12 years he has been a professional developer, he has never had a religiously-updated WordPress site hacked. That is quite some statement from an authoritative source in today’s day and age.

Time to move on with developing this site and content. Thank you for stopping by and I hope you will visit again.