• About Us
  • Services
  • Case Studies
  • Blog
  • Contact Us
  • WordPress Hacked? 6 Great Self Hosted Blog Platforms as WordPress Alternatives for SEO & Business


    WordPress is the most popular blog platform for a while now and thus the main target of hackers just due to this fact. Also vulnerabilities pop up so often that you just can’t keep up with the hackers. Recently one of the many WordPress Blogs I look after got hacked again by an “online pharmacy”. Of course I’m not the only one. It was the second hack with 3 months of this WordPress blog.

    This time the hackers (or more aptly crackers) even blocked my access to the WordPress admin so that it took really hours of work to get it clean and running again. Ironically this blog was the one I kept up to date quite diligently, uploading a new WordPress version as often as I could. Sadly you have to do it almost weekly, yes there are plugins now to do that, but nonetheless you have to take a look what changed (sometimes a major overhaul of the admin interface) and whether your plugins still work etc.

    In short: It’s work and it’s tedious and it’s annoying but most of all, it’s dangerous!

    So I really can’t recommend WordPress blogs to clients anymore unless you know they’d be able to do all that upgrading and fixing.

    In case you need a reliable, easy to look after and secure blog platform for corporate or business blogging and if you want to host it yourself (still the best option for SEO etc.) you need a WordPress alternative.

    I watch the blogosphere since 2001 and contribute since 2003 so I’ve seen plenty of blog platforms. There are at least 7 great self hosted blog platforms that are good WordPress alternatives: All of them offer clean URLs, semantic markup (h1, h2 etc.) and similar SEO basics.

    1. MovableType: One of the most popular blog platforms. It has been bigger than WordPress a few years ago but it wasn’t Open Source and you had to pay for it so it lost market share. Now MT has open sourced and it is marketed aggressively as the secure alternative to WordPress. It certainly is more secure and has less upgrades to be performed. MovableType had some major spam problems traditionally, this might be a drawback though. Akismet on WordPress manages spam almost perfectly by now.
    2. Serendipity/S9Y: S9Y was the upstarter when it comes to blog platforms. It’s relatively new as it hasn’t been around in the early day of blogging but has a growing community. Some people in the SEO industry use Serendipity so I’d be glad to hear their opinion.
    3. Drupal: Drupal is more than a blog platform but you can set a blog with it comfortably. Also it has been hailed as SEO friendly for ages. Some pretty large sites that are not blogs use Drupal too and to be honest I’ve hear of any problems with Drupal.
    4. B2Evolution: This blog platform has been around for ages but never got really popular. It may be name or the lack of character, B2Evolution even attempts to mimic WordPress looks by using the Kubrick theme, but this might be as well an advantage. anyways, just the fact that it’s around as well as “alive and kicking” for a such long time makes it a viable alternative.
    5. Textpattern: Back when I started blogging it was an easy decision, WordPress o Textpattern. It was a choice like PC vs Mac, the more design oriented bloggers have chosen Textpattern. The community seems a little dormant by now but Textpattern is still a good choice it seems to me. Also there seem to be quite a lot of plugins for SEO.
    6. Mephisto: This is a comparably unknown blog platform but if you look at the code, screenshots and and WordPress-like URLs it looks very promising. Sadly due to lack of funding and only two developers working on it Mephisto is stuck at Version 0.8
    7. Typo: In version 5.1 Typo introduced many of the features we’re accustomed to from WordPress or MovableType. Now it seems to be a really good alternative. Like Mephisto the URL structure follows WordPress defaults and the markup looks great.

    In case you want to build a blog on a more stable and less insecure and hackable platform than WordPress try one of the alternatives above. Of course I haven’t tried all of them so I’d like to hear some feedback from you:

    • What are the drawbacks and advantages of your blog platform?
    • Why is is good for SEO or why not?
    • What do you miss or why did you dump WordPress or another blog CMS in favor of it?
    I help people with blogs, social media & search. I help you succeed on the Web. I've been online publishing for 15 years. I started back in 1997.

    10 Responses to “WordPress Hacked? 6 Great Self Hosted Blog Platforms as WordPress Alternatives for SEO & Business”

    1. Well, any open source product releases updates sometimes and it’s normal to keep your eyes wide open for updates if you really care about security, but it is not that hard.

      I backup my WP db and files once in a week or so(using plugin) and if it happens to my blog get hacked, I can recover it easily.

      I can’t say I’m a security freak, but this issue needs a really serious attention.

    2. UNiHacker says:

      Yeah, same here, make sure you upgrade to 2.6.x, 2.2 versions have nasty exploits in them.

    3. Interesting write-up. I’m still a WordPress fan though. I operate many WP-powered sites. They all live on my own self-managed dedicated servers. I keep them all running the latest WP code, and I’ve “hardened” the installations a bit more than the README file may suggest. All of the blogs on a particular machine share the same WP core install, which makes upgrades a breeze, and I use reasonable log monitoring to keep an eye on day-to-day activity. But mostly, I review the themes, plugins, and other 3rd party addons that I install (if any). The hack examples you posted came from bloggers using plugins that enabled embedding of PHP code into posts, or the blogger uploaded an infected theme. I’m not going to say that the WordPress core is a fortress by any means, but the majority of problems I see come from users who self-host their blogs without much experience in doing so, or users madly installing plugins from all kinds of sources around the Internet without taking a peek at what each component is actually doing. I’m not implying that you fall into this category, but I think WordPress deserves a little more credit with nearly 3 million installs and a great community ;) (Drupal has the same issue with it’s plugins… there’s such an active community with so many available addons, but I see Drupal plugin exploits posted to SecurityFocus almost daily.)

    4. Anonymous says:

      Akismet is also available for MovableType & Drupal:


      So you won’t get more spam when using MovableType instead of WordPress.

    5. I agree with you James, however it doesn’t hurt to always explore different platforms for your content and web presence.
      A while ago I have many sites being compromised and when I took a closer look and read about it on the net, I found out that with simple steps you can take when installing your site or any theme/plugin you can safeguard you site saving you all the headache of fixing your site.
      I always feel that anyone building a new site/blog has to add security into their plan.

    6. fwolf says:

      Nice collection, but:

      1. You forgot about Habari. I’m both using the current 0.5.1 stable and the lastest developer version – for experienced users a definitive alternative, for beginners at least a start (except for the laking WYSIWYG-editor, but you could change that using one of the available plugins).

      2. Drupal and Typo are CMSes – thats like to break a butterfly on the wheel.

      3. Even the most enthusiastic B2E user I know has recently changed to WP. Mainly because of missing proper anti-spam-measurements.

      4. Mephisto is Rails-only.

      cu, w0lf.

    7. malcolmm says:

      I’ve been using wordpress for a while now for my website and those of a few others that I manage. It’s true that the upgrading is a pain and I like the suggestion of using a common core for upgrading. One think I can suggest though is a simple bash script kicked off by cron to dump the MySQL database and tar it up with the webroot, daily weekly monthly – at least a restore isn’t so bad that way. I do one of these for each of my sites and exclude them from my remote of site backups.

    8. Darko says:

      I really love your blog; seoptimise, can you please tell me what blog platform you used to create it?

    9. [...] respected rights, there are differences of opinion right. I ask you to do it,air jordan pas cher,say what steady s, I must do.” So, will enable students to convince. The real from the other point of view to [...]

    Leave a Reply