January 09, 2019

Why I Rewrote My Blog With Gatsby

Or How to Respond When Your WordPress Blog Gets Hacked
edit

A couple weeks back now, I was starting to write a blog post to recap my 2018. I thought it would be a good idea to reference my goals for 2018 and started to review that post when I discovered something interesting. As I was reading a paragraph, I noticed some words that didn’t sound like my voice. As I read further, there was a link to an air compressor. I assure you, I don’t own an air compressor (yet) and I certainly would never put it in my article about my 2018 goals.

That’s when I realized that I had been hacked. Fuck.

Here’s a tweet thread regaling my woes that evening as I discovered the hacker had been changing my posts for four whole months!

I never did find the exact point of weakness that the hacker used to get in and mess with my stuff, but I suspect it comes from my inattentiveness to updating plugins and WordPress itself. It would be nice to be able to trust something like that to be secure, but it seems weaknesses are found and exploited regularly.

I took the steps of changing all my database users and their passwords (including the root user), repaired all the damage that was done and then some. But after doing all this, there’s still no guarantee that 1) the intruder had been locked out of the system and 2) that this wouldn’t happen again when I forgot to update a plugin a month from now. This put me in a tough spot.

On the one hand, I really don’t like rewriting my blog, or even putting that much work into it. I like it functional and simple and that way I don’t waste time rewriting it every year. I think devs everywhere waste a lot of time in this fashion, when they could put that time and energy to much better uses.

On the other hand, I now have a blog that’s weak and vulnerable. It’s irresponsible of me not to try and remove attack vectors if I can.

So I bit the bullet, and decided to rebuild my blog on Gatsby, and let me tell you, it was a blast!

Overall, my experience rewriting the blog (and streaming it while I did it) was really positive. I hit a few snags, but for the most part, there was always someone or some good documentation that was available to help me get through it. I think I was able to complete the rewrite in under 30 hours, which is pretty good.

What’s great about having done this is that now I have a much more comfortable framework to make updates to the blog. You may notice a few improvements around here. My face is now at the bottom of each post, my latest egghead course is now present at the bottom of each page. I already have plans to add features such as pages to sell courses and workshops and more. I think Gatsby and it’s vast ecosystem of plugins gives me a ton of power and flexibility, all while being really safe. No more updating plugins. I just build the site and host the static pages. It’s quite amazing.

On top of that, I moved my hosting to Netlify which means I don’t even have to pay for a server anymore. I am going to save $60 bucks a year by making this change. That’s pretty cool if you ask me.

In the near future, I’ll write more in depth about my process of converting the blog and make a few posts about Gatsby and Netlify. Should be a lot of fun.

Let me know if you have any questions about Gatsby on Twitter. Happy to help if I can!


Liked the post?
Give the author a dopamine boost with a few "beard strokes". Click the beard up to 50 times to show your appreciation.
Kyle Shevlin's face, which is mostly a beard with eyes

Kyle Shevlin is the founder & lead software engineer of Agathist, a software development firm with a mission to build good software with good people.

Logo for Introduction to State Machines and XState
Introduction to State Machines and XState
Check out my courses!
If you enjoy my posts, you might enjoy my courses, too. Click the button to view the course or go to Courses for more information.
Sign up for my newsletter
Let's chat some more about TypeScript, React, and frontend web development. Unsubscribe at any time.