"The Physical Impossibility Of v3.2 In The Mind Of Someone Running v2.8"

WordPress is as any fule kno, about three or four of the seven wonders of the Internet. It’s a remarkably elegant and flexible website platform that puts enormous publishing power into the hands of people without any particular coding skills to speak of. As a definite member of this low-talent group, I find it hard to speak too highly of it.

However, like all good things, it’s very easy to binge on it and regret it later. You can throw up impressive, interactive blogs and sites for anything, extremely quickly – any short term project, event or campaign – and soon find you’ve got a dozen defunct CMS-driven websites on your hands.

Often you want to keep the content of these sites, as it’s useful to have as an archive, you’ve got a sentimental attachment to them, or at least they’re not harmful and give a bunch of people a teaspoon of Googlejuice. The problem is that CMSs move on all the time. WordPress drops another incremental version every now and then, adding lovely new features and fixing bugs, but also addressing security vulnerabilities.

Get too far behind, and you may find yourself with a site that’s swiss cheese for hackers, using your hard written content to push Viagra or phish for others’ personal data. You web host is unlikely to take kindly to this abuse of their servers too, and it’s an all round hassle you’d be far better off without.

The problem is that keeping  your dozen defunct sites up to date in perpetuity, when you’ve no longer any intention of updating the content ever again, is also a hassle you could do without.

I’ve had this problem recently, and have set out on a program of killing off a number of old blogs or sites for defunct but still interesting projects. I basically wanted a way to render a site unhackable, which would mean deactivating the site admin tools and database, and converting the whole thing into hard-to-mess-with flat file HTML.

I’d hoped there might be a plugin for this (there’s one for pretty much everything else), but didn’t manage to find it, so with a colleague, we came up with our own 7 step plan. I admit this is of pretty specialist interest, but I guess if you’ve read this far, you’ve probably got the same problem, and may find this useful too:

1. Get hold of an offline browser program. I like Maximumsoft WebCopier. This can be set to crawl a whole website, saving a local copy of each page with the same relative file structure as the site, and copies of all static resources such as images or stylesheets.
2. Tweak your WordPress theme’s header.php, so you can add a banner at the top of every page, explaining the site is no longer actively maintained, and is being kept as an archive, so you shouldn’t be surprised if content’s out of date, or links no longer work. If you want to be very clever, you could even do this via an iframe, so editing it in one place in future will change the banner on all pages.
3. Take out locally hosted search functions, or other pieces of interactivity that wouldn’t work if saved as static files. Remove contact forms and switch off new comment permissions across the site, so you don’t disappoint people who wanted to respond but now can’t.
4. Run WebCopier on the site, saving every page the spider can find onto your hard drive.
5. Make a subdomain or subfolder for your site, and upload the offline site copy there. Have a quick poke around to check it’s all still linked okay.
6. When it’s okay, switch the main domain to point at the subdomain folder or the subfolder holding the static site.
7. Delete the WordPress files and remove the MySQL database.

And presto, you have one mothballed website, still all there, still with incoming links intact, but now proof against hacking or other unpleasantries.

A rather drastic solution sure (you can obviously not go back to running it by CMS again), but one that might save you a lot of grief repairing hacker damage on an old site you didn’t plan to do much with anyway.

(Of course, for completeness sake, there’s a less drastic alternative you could be factoring in from the start, by using the MultiUser functionality of WordPress to run loads of sites off one installation, meaning you need only ever keep the one central system updated. It’s not always an option though, as it restricts your freedoms around user accounts and plugins used on different sites. Plus it requires a degree of planning, which is not always my strong suit.)