What We’ve Learned So Far

As I’ve been rebuilding this site. In case you hadn’t noticed. I have.

Cause of the hack.

And this is what I’ve learned so far…

Backups Aren’t Necessary UNTIL THEY ARE

If I had been maintaining regular backups (which the hosting company is totally happy to do for just a few euros more per month), it would’ve taken a few short hours (minutes? let’s hope I never find out.) to rebuild. Instead it’s been days. And it’s going to take at least another week to smooth out all the wrinkles.

So now I use VaultPress, a WordPress plugin that interfaces with Jetpack, for daily backups.

We Don’t Need No Stinkin’ Malware Scans UNTIL WE DO

If I had had a regular scanning system, it would’ve caught the suspicious activity at the start – maybe before the hack was as extensive as it became. Maybe before anything had happened, thereby eliminating the need for backups.

As it is, I figured it out cause of a feature change with the sharing interface – I was refreshing the site like mad while I figured out a bug^Wnew feature. And saw the pharmaceutical site instead of the beloved blog.

So now I use the personal paid version of Jetpack which is cheaper than what the hosting company offered – another up-sell for just a few MORE euros per month.

This particular plugin also gives me all kinds of insight into activity on the site, which is totally fun cause this is what maternity leave looks like, for example.

Number of views from October 2014 until April 2015?

Zilch. Zero. NADA.

I had a bunch of other posts before PROSalpha, sure, but I rebuilt this site when I decided to rebrand myself after he was born and I was looking for a career change.

Firewalls Are For Wimps AND I’M TOTALLY A WIMP

So a firewall might POSSIBLY have prevented the need for scans OR backups.

I looked at a few different options for WordPress plugins and opted for the free version of Wordfence which also offers backups and suspicious activity reports, but has the additional feature of a firewall. Then a friend recommended it, too, so it’s in there, but the free version as I had already paid for Jetpack.

I’ll let you know how it goes.

Upgrade, Damnit NO IFS ANDS OR BUTS

It’s all maybe’s and probably’s over here in LeanderLand because I don’t have a specific root cause.

But.

Even though I had set WordPress, the themes, and the plugins to auto-update, the underlying programming language, PHP, can only be updated MANUALLY via the hosting company’s interface.

DAMNIT.

So that’s updated.

But.

I’m giving serious thought to self-hosting. The only reason I’m leaning back towards staying is:

  1. I’m TERRIFIED of self-hosting. That’s a lot of fucking responsibility when it’s super convenient to blame someone else when something goes wrong.
  2. I called last night to take care of a couple of final things and TO TOTALLY VENT and got an AMAZING ENGINEER who LET ME VENT. He listened. He helped. By the end, he even made me laugh. A little bit.

In addition to pointing out that I didn’t need a dedicated server vs a shared hosting environment, talking to me about the pros and cons of hosting one’s own site including the technical aspects, and coming to the conclusion that I could totally handle it myself, he adds, “Besides, you sound EXCITED about doing it, so…”

And I am.

Totally KEEN.

Cause I could even build it using RDO OpenStack and TripleO, spin up my own cloud with a web server on it and voila – it’s a talk waiting to happen.

BUT THAT ALSO SCARES THE SHIT OUT OF ME.

Cause when it’s down? I’m the admin. I’m responsible. Me.

And I’m responsible for enough right now.

Thus.

I’m sticking with GoDaddy.

For now.