Photo of a person facing a long road ahead.

Finding Motivation on Mondays

Happy Monday, everyone. I’m back from a great weekend at WordCamp Rochester, coupled with a little bit of winery-touring with my husband through the New York Finger Lakes. Now it’s time to sit down and get back to work. But work on what, exactly? When there’s no client work to be done, where is the motivation to begin the week when Monday rolls around?

I’ve previously written on my personal blog how Mondays can be super-hard when you’re a freelancer, but that seems to go double when the client projects are on the thin side. Since rolling off The Big Project, which consumed most of my professional life for over a year, Taupecat Studios is showing the results of my neglect. Several potential projects have been put on hold at the client level, and The Big Project consumed so much of my time that the pipeline has run a bit dry. So this is the perfect opportunity to look inward a bit, and work on internal projects, right?

If only it were that simple.

I’m a person who thrives on stress (although that’s probably not so good on my heart), specifically the stress of meeting deadlines. When client work lulls, as is the case at the moment, it’s hard to find the push that will get me working on the myriad of internal projects I have on my Trello board. I have no shortage of things I could be working on in both the short-term “it would be great if this worked a little more smoothly” sense, and the long-term “this will really help my business succeed for years to come” sense. While internal projects are important, they never seem to be imperative. Yes, they’re vital to my business’ success, but they don’t actively generate revenue in the here-and-now in the same way client work does.

The other problem is there are so many items on my internal projects list, it’s hard to really know which one or ones to focus on. I’ve been watching and attending more WordCamp talks on running a business (this one on Taming the Whirlwind by Nathan Ingram is especially good), and while they’ve fueled a lot of great ideas to act on, it becomes a bit overwhelming at the same time. Where to begin? The quick, low-hanging fruit project that I could knock out in a couple of days, or the long-term one that’s going to take weeks (or months), but will have a significant R.O.I. when all is said and done?

And what happens when I finally begin down the road on a particular internal project, and the client work picks up again? In the “feast or famine” cycles since I’ve become a freelancer, the famines never seem to last very long—which is great, don’t get me wrong! But it also means my internal processes end up stagnating in a half-completed state because they’ve had to be put on pause for the latest client projects.

The Roadmap

There is a rough roadmap in place, and a bunch of things I hope to accomplish between now and the end of 2019. Near the top is revamping the agency website, and for that I got some awesome content advice from Bridget Willard at Pressnomics. From WordCamp Rochester, I got some great ideas for tools and processes that I can implement to increase the value I provide to my clients. And, as always, there’s a wishlist of technical tasks and automation processes that will make my life easier, once I build them, of course.

Photo by Tegan Mierle on Unsplash.

Abstract image representing online security

WordPress Insecurities

Once again, I find myself up against a client’s preconceived opinion that “WordPress is [inherently] insecure.”

It’s a common refrain, and one that I’ve heard over, and over, and over again since I began specializing in WordPress. But let’s set the record straight.

What Is It You’re Really Afraid of?

Is it WordPress you’re concerned about, or open source software (OSS) in general? Despite powering software for most of the planet, OSS still has a reputation of being developed by “amateurs,” and being unstable because it lacks the backing of Big Corporations.

While I won’t argue that OSS has its fair share of abandoned projects, it’s simply wrong that all OSS is written by hackers in their basements at 2 o’clock in the morning. Most major for-profit technology companies—the likes of Microsoft, Apple, Amazon, and Google—are often large backers of OSS, contributing time, money, and resources to its development. They know that their own businesses rely on OSS.

The Myth of “Closed Source Is More Secure”

The only correlation between closed-source software and security is that fewer white-hats (people with good intentions examining software for possible security vulnerabilities) are able to pore over closed-sourced code than open-sourced. (You still have plenty of black-hats examining both, looking for opportunities to exploit vulnerabilities for their own personal gain.)

OSS has the eyes of the world scrutinizing code every single day. Closed-source software only has the company’s own team of developers, who’ve seen the same code day after day after day (and hence, have become jaded and/or blind to its faults). And what if The Security Person is on vacation the day a major exploit is revealed?

When Was the Last Time WordPress Security Hacks Made the Evening News?

Think about the security breaches that make the headlines. I think I can recall a WordPress one back in the 2.* days (WordPress is currently at version 5.2.3). But I can pretty much guarantee that the Capital One, Starwood, and Equifax data breaches did not involve WordPress.

To say that WordPress is inherently insecure is to say that the Internet itself is inherently insecure. I’m not saying that that statement is wrong, but the only conceivable solution to that issue is to stop using the Internet altogether. Does that seem very practical?

Anything Can Be Insecure; Anything Can Be Made Secure

If you throw software out onto the Internet, be that in the form of a website running WordPress or any other platform, and fail to maintain it, then yes, it will, over time, cease to be secure. New vulnerabilities are discovered on a daily basis, not necessarily in WordPress, but in everything that touches the Internet.

The key is to make sure your web properties are properly maintained, with security patches and other updates made when they become available.

Most WordPress Compromises Have Nothing To Do With Software

By far the most common way of breaking into a WordPress site is not through the software itself, but by something called a “brute force attack,” whereby automated attack bots literally try to force their way into a privileged account on the site by guessing usernames and passwords. If you use weak passwords, or (worse yet) reuse the same password across different Internet services, you’re increasing your risk of compromise. Often, data breaches on one service serve as jumping points for attacks on different systems because exploiters know that people often use the same usernames and passwords across accounts.

There are plenty of password security best practices you can follow to reduce your security exposure, including:

  • Use strong, nonsensical, and unique passwords along with a strong password management system such as 1Password or LastPass.
  • Don’t use “common” usernames for your accounts (like “admin”; never create a user account in WordPress called “admin”).
  • Make as few user accounts on your WordPress site as possible, and don’t give users any higher level of access than absolutely necessary.
  • Don’t transmit passwords over email.
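
A defensive illustration of the brute-force pattern described above, added here and not part of the original post: it scans web server access-log lines for bursts of failed POSTs to `/wp-login.php` from a single address. It assumes combined log format, lines in chronological order, and stock WordPress behaviour where a failed login returns 200 and an accepted one redirects with 302; the sample lines, threshold, and function names are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def _line(ip, sec, method, status):
    # Builds one constructed sample line in combined log format.
    return (f'{ip} - - [16/Sep/2019:10:00:{sec:02d} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 4213 "-" "-"')

# Constructed sample traffic (documentation-range IPs, not real data).
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", s, "POST", 200) for s in range(0, 12, 2)]  # 6 rapid failures
    + [_line("203.0.113.7", 13, "POST", 302),    # ...followed by a success
       _line("198.51.100.20", 20, "POST", 200),  # one mistyped password
       _line("198.51.100.20", 30, "POST", 302),  # then a normal login
       _line("192.0.2.5", 40, "GET", 200)])      # just loading the form

def parse(line):
    """Return (ip, time, method, path, status), or None for unparseable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?")[0], int(m["status"])

def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Flag IPs with >= threshold failed logins inside a sliding window."""
    recent = defaultdict(list)  # ip -> timestamps of failures still in window
    flagged = {}
    for rec in filter(None, map(parse, log_text.splitlines())):
        ip, ts, method, path, status = rec
        if method != "POST" or path != "/wp-login.php":
            continue
        if status == 200:  # assumption: stock WordPress re-renders the form on failure
            times = recent[ip]
            times.append(ts)
            while ts - times[0] > window:
                times.pop(0)
            if len(times) >= threshold:
                entry = flagged.setdefault(ip, {"failures": 0, "success_after_burst": False})
                entry["failures"] = max(entry["failures"], len(times))
        elif status == 302 and ip in flagged:  # redirect = login accepted
            flagged[ip]["success_after_burst"] = True
    return flagged

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE_LOG))
```

A flagged address whose burst ends in an accepted login is the case to act on first: reset that account's password and review its sessions.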

Don’t Go It Alone

Chances are, WordPress is not your core business. But it is mine. If you don’t feel like you have the time/energy/resources/interest to maintain your WordPress site properly, get in touch, and we can discuss outsourcing that responsibility for peace of mind.