Almost 12 years later, I’m here to tell you that being frugal about managing the back end of my blog did not serve me well. I have been to two major blogging conferences and hung out in the company of bloggers virtually and in real life over those 12 years, but it wasn’t until recently that someone helped me understand what I needed to do to improve my blog’s security at a time that I was in a position financially to do even a fraction of it.
Here’s a list of the things I have changed since I began working with Rena at Technology Therapist a few weeks ago.
I needed to get an SSL certificate
Last September, I applied with an agency I’ve worked with multiple times in the past to write a sponsored post for one of their campaigns. This is a screenshot that came when one of the agency coordinators responded to my application. The subject line was “malware on blog?”
Oh boy. Needless to say, I didn’t get that particular sponsored opportunity, but I did get to enroll in a security system (Sucuri) for my blog. I got directed to Sucuri by Rena, who advised me to have them do a free scan. Once the scan showed what the problem was, I did sign up for Sucuri’s yearly protection and their people went to work getting rid of my “viagra” problem. (There have been other security scares since 2008, but for the purposes of this blog, we’ll go with this most recent one.)
I vividly recall a recurring theme I heard in conversations when I was at a blogging conference in 2018. Other bloggers were laughing about logging on to read blogs that had “not secure” in front of the URL. I’m pretty careful about security in any cyberarea of my life — financial, social media, etc. — I remember thinking, “yeah that’s pretty dumb.” Here’s the problem: I never asked anyone how I kept that from happening on MY blog. UGH.
Fast forward beyond the Sucuri to one of the most important things Rena told me I needed: an SSL certificate. An SSL certificate is a “cryptographic protocol for authenticating and encrypting communications over a network.” That’s about all I can explain, but it’s something bloggers need and it cost me $150 to get it from GoDaddy (which was my web host at the time — more on that later too!).
A new theme
I have hated my blog theme essentially since I switched from Blogspot to WordPress back in 2012 (yes, NINE YEARS AGO!). I didn’t know how to change it. Plenty of places try to explain it to you and/or sell the idea of someone doing it for you. During many of the years between 2012 and now, there just wasn’t extra money to play with blog things (the TL;DR reason: a couple of layoffs for my spouse, my decision to leave my job in 2014, owning too much house, a commitment to getting our kids what they wanted like dance lessons and speedskating fees). So there I sat, paralyzed between spending the money, figuring out who I could trust to help with this and a mixture of other conflicted emotions.
It turns out the new theme was sort of the least of my worries, but spoiler alert — I’ve got the new theme! There are quite a few tweaks I need to make but it’s definitely a start that gets me closer to my goal. My new theme is Market.
My PHP was hopelessly out of date
PHP is “an open source, server-side, HTML embedded scripting language used to create dynamic web pages.” For years, I noticed that my WordPress back end said, “Your PHP needs to be updated.” I sort of tried, by going to GoDaddy and digging into my code, but I couldn’t figure out what to do. (I’m not sure why I didn’t message GoDaddy and just ask).
It turns out there wasn’t much GoDaddy could do to align with my circumstances. (Cue Rena’s email: “We have much bigger issues.”) I needed to update my PHP from 5.6 to 7. Doing that with GoDaddy would involve a switch to a managed hosting plan (and this is not something that is a fit for my arrangement with Rena). Therefore, I switched to Flywheel. Pat me on the back; I’m now the proud new owner of version 7 PHP.
Over many years of doing sponsored posts, one thing I was aware of is that links in a sponsored post had to have nofollow attributes. I had a toggle plugin that I thought was turning my links into nofollows, but I really have never been sure.
Now that I have all these updates, I see these options when I decide to link an url to text:
I saw this and thought, “Is THIS what my fellow bloggers have been seeing all these years?” This makes it so clear. I don’t know if this is related to my new theme, to the updates or what, but a light bulb has gone off over my head.
Grab bag of other things I didn’t know I needed
It’s a little hard to separate some of these things into their own categories, but everything that follows is also part of my new, more secure and backed-up blog world, and it’s relevant:
Through my Technology Therapist Maintenance Plan, I get backups and malware scans of my site twice a month; deletion of spam comments, deactivated themes and plugins twice a month; two plugin updates a month; two theme updates a month; a site speed check once a month; database optimization once a month and two visual site checks for problems or glitches that have occurred due to updating.
Although I am not here to sell you on Technology Therapist, I do want to spend a paragraph highlighting what a delight it has been to work with Rena. (This post by her, by the way, covers many of the must-haves in a more cohesive way than I have.) She has been so patient over the months it took me to finally commit to making the changes my site needed. She helped me back in the fall with the “viagra” situation on my site even though I wasn’t a client (yet). She has answered all of my questions and gone to bat for me several times. I told her it feels like I have my own consumer advocate. She has explained what I should approach GoDaddy about for refunds (like the SSL I bought for a year right before switching hosting providers to Flywheel). When possible, she (with my authorization) has requested the refund from GoDaddy. Her pricing is also extremely competitive.
My blog is so important to me. It has been what I needed for the first goal I set out to accomplish: flexing my writing muscle. But since 2008 it has become so much more. It has helped me sort out how I feel about various events in my life and society. It has helped me earn an income (through sponsored posts). It has helped me, essentially an introvert, have conversations about people regarding difficult topics because a comments section gives me time to think before replying (unlike a high-pressure in-person conversation). It has helped me support causes I love. I think the fact that I had been blogging for 10 years was a factor in my favor when I was applying for my current job — it came up in each of the interviews I had with different teams (find my work blogs here).
For something so integral to who I am (and to my personal brand), I’m mortified at the disconnect between the emotional and labor investment I have made in it for 13 years and the technical aspects that I took the cheap route about.
I don’t know the answer, because I know we all do the best we can regarding our financial choices. None of us can make money grow on trees, but I’ll bet I could have possibly qualified for more sponsored posts (and earned the money to pay for the website security I needed) by making this a higher priority much earlier.
The Big Green Pen had a BIG SECURITY ISSUE, and I’m happy to finally have it resolved.
Do you have any blog/tech horror stories to share?
I am linking this post up with the Kat Bouska prompt “Write a blog post inspired by the word: cheap.”