A few days ago, many people running slightly out-of-date versions of WordPress blogging software on their servers had it hacked in very nasty ways. Understandably, that's caused a lot of consternation, including suggestions (via John Gruber) that you shouldn't run that kind of software on a public server yourself. Indeed, perhaps you should use crazy complicated workarounds involving Unix terminal commands and such instead. (As if doing so is less complicated than keeping WordPress up to date, but anyway...)
Now, to be clear, I do run several sites using WordPress, and was lucky enough to have all of them up to date so that they weren't bitten by this hack. But this site, my personal blog, has always used Blogger, the original easy blogging application. Not only that, but I use it in its original configuration, which provides the benefits of the weird Unix approach above, but without the hassle.
I didn't come to this approach because I'm especially security conscious. Mostly, it's just inertia and laziness. I started publishing this blog using Blogger almost nine years ago, in October 2000. It works, so I just kept publishing it that way, through several redesigns and a couple of hosting moves. In other words, I got lucky. On to the details.
[Creating blog posts on a local, non-public computer] is how a lot of early blogging software worked. The software generated static files and uploaded them to the publicly available server, which meant the software was not publicly available. This is very secure, especially if you’re using SFTP, but the downside is that you can't post from multiple machines.
...and Maciej Ceglowski said:
Either host your blog with a competent centralized site (like LiveJournal or Blogger) that takes the burden of upgrading, backing up and patching off your hands, or use whatever personal publishing software you like (WordPress, Movable Type, and so on), but keep it on a local machine.
I wrote to John that:
There is a third way. Blogger still allows you to use its original, intermediate model: access the blogging software on Blogger's server, but publish via FTP or SFTP to your own server (i.e. the files travel from Blogger's server to your web server). That's the way I've run penmachine.com since 2000, and it has the advantages of:
- publishing static files that don't require Blogger or a database to stay alive.
- having Blogger maintain upgrades, backups, and databases.
- working from any computer with a web browser.
Many people don't know this option still exists, and many of the more newfangled features of Blogger's newer templates, widgets, and so on don't work with it, but since I create my own templates and don't want the extra stuff, that's not an issue for me.
Oh, and publishing via Blogger and FTP or SFTP is not perfectly secure, of course. Someone could still hack my Google/Blogger account, or compromise my server, or (more unlikely) both. But I can regenerate my blog via Blogger's database (if the server is hacked), via my server (if Blogger is hacked), via my hosting provider's backups, or from my own local copies of my blog. So I'm in a better position than someone running everything on the server without proper backups.
Then again, anyone who has backups is in a better position than someone who doesn't, always.