So my website got hacked last month.
I caught it by chance. I connected via FTP to my server to check something and noticed a PHP file that looked out of place. Sure enough the source code of the file mentioned someting about the Virusa Worm and AnonGhost. I traced the compromise back to a WordPress site scheduled to deactivate which I hadn't performed updates on.
Now it's time for change.
Hosting at Digital Ocean
My site was hosted on Site5.com. Site5 was able to quickly confirm the issue, date of compromise, and the method of attack. They also quickly restored a pre-attack backup.
I wanted to take extra precaution.
Enter Digital Ocean. Digital Ocean's claim to fame (well, one of) is giving customers the ability to rapidly deploy a new site (droplet) hosted on an SSD drive for a reasonable price. This is the first time I've used Digital Ocean and I love it.
Their documentation is fantastic. They provide easy-to-follow instructions on common systems administration tasks. This allows you to rapidly create a custom server configuration for development.
Digital Ocean also provides pre-built configurations. You can create a LAMP stack, a WordPress setup, or a Ghost setup with root access in 60 seconds.
What I love is the ability to quickly create and destroy droplets. So, if my site got hacked (which it did) and I had a data backup (which I did) I could create a new droplet, import my data, and delete the old droplet.
Migrating to Namecheap
While I was at it I also migrated my domain name from OpenSRS to Namecheap.
I have a reseller account at OpenSRS and have had for a number of years. OpenSRS had a great reseller program with low fees which included all the features other registrars charged for:
- Whois privacy guard
- DNS management
- Domain forwarding and masking
- Email forwarding
The only drawback to OpenSRS was their horrible user interface. Once you got used to using it, it was still confusing. But that's OK because having my domains at OpenSRS reduced the cost of ownership because I enabled privacy guard on all my domains.
And then OpenSRS started charging for privacy guard.
I'm all for supporting OpenSRS. They never lost a domain, they kept prices competitive, the communicated openly. But the OpenSRS control panel still sucks. The new panel is only partially implemented, but it's still confusing and doesn't work as expected.
So if I'm paying $15 for a domain name plus privacy guard, I'll stick with a user interface that's easy to learn and works. Namecheap is it for now (Hover looks good too).
Migrating from WordPress to Ghost
Migration out of WordPress is just short of heart-breaking. A number of tools are available to help you transition, but I'm running into some issues:
- Custom plugins (particuarly with URLs)
I owned a handful of WordPress plugins for managing links. Tools like EasyAzon for creating Amazon affiliate links, ThirstyAffiliates for creating shortlinks. I had hundreds of custom URLs created inside my posts.
Ghost doesn't have an equivalent (yet) so I'm left manually rewriting all of my custom URLs.
I'm OK with this. It will teach me not to take a shortcut next time.
I also had some custom sharing plugins installed. Tweet to download. All of those are disabled and I'm working to strip the shortcodes out.
(Cloudinary made image migration easier than it could have been. I was still left with a ton of [caption] tags I had to strip.
I did lose some custom images used for posts. That's OK though, because they were already "lost". Sometime between the WordPress 3.8 upgrade and a theme change they stopped appearing.
Three things are helping me maintain my sanity while I clean up my content:
- TextExpander (especially the fill-ins feature)
- Regular expressions
I created a cleaner in Textsoap to convert a subset of HTML tags to Markdown and strip WordPress shortcodes from my post text. I'm running the cleaner manually and reviewing each post. One. At. A. Time.
I create snippets in TextExpander to streamline affiliate link building.
First impressions of Ghost
I backed the Ghost Kickstarter. Overall, I'm impressed.
- Easy installation (on Digital Ocean at least)
- Migration went well
- Markdown editor works well
- User interface is well-polished
- Free professional-looking templates
I still have lots of cleanup to do. Back at it...