RIP Wordpress (16/06/2011)
So... wordpress is gone. And in its place an extremely simplistic blogging platform. Why did I give Wordpress the boot?
- It's a huge attack vector and has oodles of features that I don't use.
- It got attacked
- Writing posts for Wordpress is just too lengthy an ordeal. I barely update the thing
What have I actually replaced it with then?
- Custom file based CMS. A directory is scanned and each file is a post
- Each file is formatted with Markdown
- After markdown has done its magic, it's purified with Purify (it's pretty useless, since if you have access to the filesystem to drop XSS in my posts, you can strip out the purify too. But just in case a folder permission mistake occurs, or an attack by a very lazy hacker)
- The posts are vomited onto your page, which is how you're seeing this
- Although I shouldn't rely on security via obscurity, the fact this system is custom means it won't be subject to the same drive-by mass attacks that the wordpress install was subjected to (where something could attack hundreds of wordpress sites very quickly)
Cool, huh? I think so, mainly because it was quite simple to cobble together, and hopefully means I'll actually update my blog more frequently. I've kept the database of the old wordpress install just in case I can salvage content from it, but for the time being this a fresh start.
Here's the roadmap for the blog:
- Proper datestamps on posts
- Comments, most likely using Disqus
That's all for now, but at least the site now has more than just a "Oh crud we've been attacked" message