Goodbye Wordpress

November 1st 2015

I have been using Wordpress to drive my website ever since I got the domain name in 2006. Wordpress has only become richer and more feature-rich during this time. But owing to this popularity and perhaps its design, Wordpress has also become a prime target for hackers. Or so has been my experience at least. The attacks are not sophisticated at all, just brute forcing of the login page. But they are incessant; My webhost even had to make my login page non-executable to stop the barrage of login attempts.

I tried a Wordpress security plugin which discourages brute force attacks by an increasing timeout. Unfortunately, the attacks keep coming. And while a good password ensures that such attacks will not succeed, it is still annoying. So, it was time to start looking for alternatives. This is where we say goodbye to trusty Wordpress, and say hello to Metalsmith.

It turns out that a great way to deter attacks is to not have anything to attack. That is, a static site devoid of any server-side intelligence. It seems to be the latest trend these days, and I found several tools for this. I tried, Hugo and Hexo, but I finally settled on Metalsmith. It is quite hands-off, and everything is done through plugins. Metalsmith is very similar to Gulp, another of my favorite tools.

I must admit it was a bit of a struggle to get things going; Some of the plugins have been renamed or deprecated recently and I never did find a comprehensive tutorial; Metalsmith's own website too is rather short on text. Nevertheless, once I did get things going, it was a pleasure. And here we are, with a brand new website and a completely custom template (something which I never enjoyed doing with Wordpress because, PHP).

And best of all, no more of this:

attack notifications