Yes, a rare blog post on my own blog. I’ve been testing out VaultPress for awhile, and I’m pretty happy with it.
While a bit pricey right now, it does deliver a lot of bang for its buck if you have a high-profile web site. If WordPress is part of your day job, VaultPress should be too. What is VaultPress? In a nutshell, it’s an online backup service… for your WordPress site. It backs up all your content, and database files, for a single WordPress installation.
There are a few things I haven’t tried yet, such as WordPress MU situations… you know how I love to push the limits on stuff like that. And, I do hope that there is an MU price-point at some point so that WP-experts can have just one account.
Now, on to my suggestion. There’s one missing feature that I would really, really, really want to see in VaultPress. And, that’s secure login.
SSL is expensive, when you think about it. You’re paying one or two months of VaultPress service on average, each year, just so you can post from a Wi-FI hotspot without worrying about someone stealing your password. And yes, if WordPress is part of your day job, that is something you should be worried about.
So, what I’d like to see VaultPress do, is securely generate a hash and log in through a secure man-in-the-middle.
In this instance, a user could go to a special URL, say, www.site.com/wp-admin/secure/
In doing so, you’d be transferred to VaultPress’s web site, with the URL for your WordPress blog filled in. From there, in an SSL session, you would enter your WordPress login info. Finally, you would be logged in securely to your WordPress site, without your password being transferred.
Some might say this isn’t necessary, after all, SSL without a paid cert is possible. But, in a lot of shared hosting situations, it isn’t possible. And, having a true certified SSL login ensures someone hasn’t created a man-in-the-middle attack, or generated a faux web site to catch your password. It also prevents phishing and other attacks, since you would be directed to VaultPress, and could easily tell if you weren’t on VaultPress’s web site before logging in.
Anyways, there’s my feature suggestion writeup. Feel free to sound off in the comments.
P.S. Even if this feature doesn’t show up in VaultPress 1.0, I’m still a happy customer with the service. Like I said above, if WordPress is part of your day job, VaultPress should be too.