Probably the most significant decision people will make when building their website is the decision about what software to use. A lot of people choose existing CMS or ecommerce apps like WordPress or Magento, which makes for a quick setup and reasonable support. Others choose to build their site from scratch or use one of the many less widely deployed apps like the Ghost blogging platform or x-commerce. It’s nice to think that everyone evaluates the features of each offering and chooses the one that best fits their needs, but that is not what happens.
Most websites are owned by non-technical people without IT support, so the software they end up using is whatever has the lowest cost of entry. That means whatever is in their control panel that can be installed with one click is what gets used.
This situation is what leads to lopsided software deployment statistics such as massive WordPress footprints and, to step away from the Internet for a second, the global market share of Windows. The software that is best at getting into one-click installers like Scriptaculous, or at getting pre-installed on desktop computers, becomes the most popular. These large deployments of identical software provide a good selection of attack vectors for bad actors. If a vulnerability is exposed in WordPress, for example, a bad guy has literally millions upon millions of WordPress websites to attack using that exploit.
Continue reading “The fruit decision: how low should your website hang?”
The world of things is grouped into three categories for me. There’s things I know, things I don’t know, and things that in order for me to understand they even exist you’d have to go back to the Big Bang to give me enough context to get a grip on. I think that most of us think that most people know what we know, or at least have enough context to get up to speed pretty quickly. Recently, however, I find myself talking to a lot of end-user website owners and I’ve come to realize that is not so. I’ve had to have many Big Bang conversations with website owners in order to explain what I felt were pretty fundamental pieces of the Internet. So, I thought I’d try to lay out the basic things that I think everyone that owns a website needs to know.
Many of the people that cross my path daily are legitimately trying to understand all the moving parts of their website; but there is a sub-community that promotes willful ignorance as well. In some circles it has become chic to be incompetent with technology. We wouldn’t dream of saying things like “I take my car to work but I have no bloody idea how to drive” or “Lawnmower? Not a clue how it works, when it runs out of gas I just throw it out and buy a new one because I have no idea where the gas goes in”. But it is somehow OK, and in fact fashionable, to say “my website? Not a clue how it works. When it stops working I just scream and yell at random people until someone fixes it”.
So here’s my attempt to help.
Continue reading “A primer on your phone, I mean…your website.”
WordPress has a lot of great features that allow non-technical people to (mostly) manage their own blogs. One of those features is the ability to perform WordPress upgrades and install plugins right from the admin interface. People who have trouble understanding how FTP works, or who aren’t very successful at fumbling around on a command line, can make use of these features without having to become sysadmins. This obfuscation of technology is one of the reasons that WordPress has become so successful and so widely used.
But, as the saying goes, “Security or Convenience: pick one”.
Continue reading “How to securely update WordPress”