Securing the Doors Around Here

Update: the HTTPS piece talked about here has been turned off for the moment as it was the reason for the downtime today. It will come back. So please take note of the below as a bit of a preemptive note.

As if there isn’t enough news going around these days about data, access, and security, one of the more recent pieces that has sounded an alarm is the news of a botnet (automated scripts that act like tiny computers within programs) that is aiming to use WordPress-powered blogs for generally making a bit of nasty noise around the web. Since MMM is among many faith/tech sites that uses WordPress, we’ve been going about adding some measures of security to the site here – and its noticable that it will have an effect on how you consume information around here.

If you are coming here direcly by typing in the URL (as about 45% of our visitors do), you will have noticed a note about the security certificate for the page, and then you would have noticed that we are now running the site with SSL enabled. You notice this specifically by the https:// that is in the URL field of this page. That’s the biggest piece of friction and has actually resulted in about 2/3 of the traffic that we normally see in that organic fashion going away. Crazy drop I know, but if it means that the information here remains usable in a secure manner, that’s going to have to be the case.

Enabling SSL, along with a few other features behind the scenes, happened to be enabled by the use of the WordPress plugin Better WP Security. Better WP Security enables all kinds of neat features that you would normally need to know a bit about network security to implement, while also adding some semblance of sanity through log reviews, IP blocking, and site database backups. Being that MMM is no stranger to strange visitors, this is a very important measure of security that we needed to implement, and frankly probably comes at a great time. Our server admin also considers it a good thing to add, even though its not necessarily the route they would have gone with (they are admins, they know things too).

The SSL tweak has broken pages for a number of visitors. The biggest break is actually on the side of our RSS feeds. You will need to check your feed address – its needs the https:// then mobileministrymagazine.com/feed in order to work properly. Yes, I’m still using Feedburner (feeds.feedburner.com/mobileminmag – I think that’s it), but if that service was also to be cut off by Google, you need to know how to get our content in the most direct way as possible.

For those of you not coming to MMM through any of our apps/experiments, you can still get to MMM content through our HTML5/jQuery web app, or by the (only?) mobile ministry portal out there – MobMin.Info. Either one puts our content in front of you in a mobile-friendly, quick, and contextually-relevant manner. Who knows… we might just let those stay as the entry points while the rest of the web works itself out.

Other than that, content will still flow to and through our Twitter feed (@mobileminmag). And there will also be a slew of content posted by others at Twitter, Pinterest, and other social media outlets if you search for #mobmin. There’s a growing body of conversations and works happening, and MMM is proud to be a part of that conversation.

I’m sure that our folks who work in the mobile security space will have more to add to this thread, and that conversation remains open here and other places. If anyone has continued advice for MMM, please don’t hesitate to drop us a line.

For some other tips on how to secure your WordPress blogs, visit this recent article at Internet Evangelism Day – with IE Day coming up in a few days (April 21st) this makes even more sense to be on top of for your ministry communications.