How to Not Get Your Blog Hacked

Maciej Ceglowski:

If you listen to me, the answer is much simpler. Do not run this kind of software on a public server. Either host your blog with a competent centralized site (like LiveJournal or Blogger) that takes the burden of upgrading, backing up and patching off your hands, or use whatever personal publishing software you like (WordPress, Movable Type, and so on), but keep it on a local machine.

This is how a lot of early blogging software worked. The software generated static files and uploaded them to the public server, which meant the software itself was never exposed to the public. This is very secure, especially if you’re using SFTP, but the downside is that you can’t post from multiple machines.
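As an added example (not from the original post or from any blogging tool), here is a pre-publish gate for that workflow: it audits the locally generated output and emits an `sftp -b` batch only if everything in it is a plain static file. The allowlist, the function names and the `public_html` remote directory used in the comment are assumptions.

```python
import os
import re
from pathlib import Path, PurePosixPath

# Assumption: the only file types the public server should ever hold.
STATIC_SUFFIXES = {".html", ".css", ".js", ".xml", ".txt", ".png", ".jpg", ".gif"}
# Conservative names only: no dotfiles, spaces or quotes to escape in the batch.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")


def audit_output(out_dir):
    """Split the generated tree into (publishable, rejected) relative paths."""
    root = Path(out_dir)
    publishable, rejected = [], []
    for dirpath, dirnames, filenames in os.walk(root):  # does not follow symlinks
        keep = []
        for name in sorted(dirnames + filenames):
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            if path.is_symlink():
                rejected.append((rel, "symlink"))  # may point outside the tree
            elif not SAFE_NAME.fullmatch(name):
                rejected.append((rel, "hidden or unusual name"))
            elif path.is_dir():
                keep.append(name)
            elif path.suffix.lower() not in STATIC_SUFFIXES:
                rejected.append((rel, "not a static file type"))
            else:
                publishable.append(rel)
        dirnames[:] = keep  # never descend into rejected directories
    return publishable, rejected


def sftp_batch(out_dir, remote_root):
    """Return an sftp batch that uploads only audited static files.

    Run it from inside out_dir, e.g. `sftp -b batch.txt user@host`
    (user@host is a placeholder).
    """
    publishable, rejected = audit_output(out_dir)
    if rejected:
        raise ValueError(f"refusing to publish: {rejected}")
    lines, made = [], set()
    for rel in publishable:
        for parent in reversed(list(PurePosixPath(rel).parents)[:-1]):
            if parent not in made:
                made.add(parent)
                lines.append(f"-mkdir {remote_root}/{parent}")  # '-': ignore "exists"
        lines.append(f"put {rel} {remote_root}/{rel}")
    return "\n".join(lines) + "\n"
```

A stray `wp-config.php` or `.git` directory in the output makes `sftp_batch` raise instead of uploading, so the public server never receives anything executable or any repository metadata.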

Update: Maciej has added a new post with a basic outline of how such a setup would work.

Monday, 7 September 2009