WordPress: A Love Hate Relationship

I’ve probably created nearly 100 WordPress sites in the past couple of years. I can do a manual install with one eye closed and one hand tied behind my back.  I can spend hours looking for that perfect theme. Not to mention that my limited php skills are actually enough for me to successfully tweak and modify WordPress templates to my liking.  I’ve worked with Drupal and Joomla sites, Code Ignitor, Mambo, and various e-commerce content management systems. But at the end of the day, WordPress has my heart. For me, the flexibility of being able to do whatever I want with a simple plugin makes my life easier. Need social media functionality?  Plugin. Video capabilities? Plugin. Want to create quizzes and surveys? Plugin.

I’ve definitely had my share of troubleshooting WordPress – futzing around with the .htaccess file on earlier versions; learning about chmod commands, cleaning up several security hacks that have injected strings of malware into my code. But I don’t mind, because with each issue, I learn something new, and how to deal if it were to ever happen again. Besides, every CMS will have its fair share of issues and limitations.

But lately, my WordPress sites seem to have a mind of their own. In trying to keep up with the never-ending WordPress updates (3.0.2 on November 30th and 3.0.3 just this past week on December 8th!), funny things have been happening. With one website update came a broken theme, which led to a disappearing Uploads folder, and the loss of several thousand images. Luckily we had back-ups and were able to recover the files, but it was not without wasted time and frustration. On another site, the automatic upgrades would not work, leading to more wasted time trying to figure out why. So yes, WordPress has been frustrating the hell out of me lately.

My partner Avi thinks WordPress is a terrible (gasp!) CMS and has more security issues than the TSA. Because with every install the files and code are the same, and every default login URL is the same (/wp-admin), 2nd graders can figure out hacks.  For me, I just know how and where everything is structured and laid out, so setting up a beautiful site is a a no-brainer. The trick is to be smart about protecting your site. Here are some ways to stay secure:

1. Change the admin URL! Rather than logging into the back-end with www.yoursite.com/wp-admin, you can set it up to be any URL you want, making your site less vulnerable to hacks.  Simple instructions here.
2. Always back up your site regularly! You can do manual back ups, or use a plugin, such as WordPress Database Backup or WordPress Database Manager.
3. Don’t login using Admin, which is the default username, change it to something a bit less obvious.
4. Change your password from time to time.
5. Don’t be plugin happy! Make sure your plugin is popular and has been reviewed several times; you don’t want to install some unknown plugin that may contain malware.
6. Update your version of WordPress as upgrades become available. WordPress releases upgrades when they find and fix a security breach.

So, these are my thoughts on WordPress in a nutshell. Would love to hear about how you all feel about WordPress. Does it rock or am I just one more disaster away from breaking up with it forever?