Hi all, I am excited to tell you I have just joined Pagecord, and Squarespace told me I was eligible to get the prorated refund (probably due to the new basic plan within 14 days).
While I do think Pika has the best editor experience, Pagecord is improving and the integration of Markdown is coming, and I tried before.
The main reason I chose Pagecord is the login through email, although it is not 2FA, it’s still safer than Pika and Bearblog with username and password simply. Especially on Pika, there are never email notifications showing email changed or account created, password change doesn’t need the current one. But Bearblog at least has email notifications on account change and need current password to create new one.
Pagecord is like Bearblog which is open source!
Now my blog updating process is much more seamless, saving me an hour or two on every article, and not to mention I can upload on my phone anytime!
Although I want to promote myself as an illustrator, I found I don’t need so many features on a website builder. When I see the Refresh on Squarespace, everything will be AI and I have no idea about that…
Today, the owner of Bearblog Herman finally replied to me, and in detail about the considerations of not implementing 2FA. I am here to quote all the text as it will be worth understanding security in different perspectives and contexts:
This is something I’ve thought long and hard about, and will have to write a post about it at some point.
Bear doesn’t have 2FA by design for a few reasons. The first is that this is a low-priority account. There aren’t concerted efforts by malicious actors to take over blogs since there’s no financial incentive. There hasn’t been a compromised account on Bear for the last 5 years, and even if someone’s password is leaked either via phishing or a reused password in a data leak, there’s not much interest from the malicious actor.
Not to mention that if someone does mess up your blog due to a leaked password, you can email me and I’ll restore your access and roll back the changes.
Adding 2FA would be security theatre here. On top of that, most people are really bad at backing up their 2FA recovery codes, which just means they’ll just email me once they’ve locked themselves out of their accounts asking to restore access. Since you can just email me and I’ll restore account access it kinda negates 2FA to a certain extent (since it’s not a hard lock of the account).
So in a nutshell, I’d be creating more work for myself while trying to solve a problem that doesn’t currently exist on the platform.
I hope this all makes sense. Feel free to ask any other questions
The fact there have been no breaches in 5 years is… well, good so far.
I certainly wouldn’t put any political commentary on the platform. Or any other content of a divisive nature. Oh, and it they manage to break into your email as well, then Herman will be very accommodating to the bad actor.
Also, what would they want with a blog? Display ads. I’ve seen it.
Whilst I appreciate that hackers could break into the site, I also see little benefit there. Your custom url can pretty quickly be removed and ownership sorted with the blog host.
If they manage to break into your email surely Pagecord would also be compromised?
I would imagine most hackers are looking for much higher value targets. Unless you’re a prominent celebrity I’m not sure you have much to worry about. Wordpress and Squarespace are much better targets.
I do think through that emails telling you of account changes would be useful.
Edit
I should add that using strong passwords of 14+ characters, using all character types is still considered extremely secure.
Indeed; and most of those WordPress attacks are by bad actors relying on scripts and known vulnerabilities. I really recommend WordFence for self-hosted WordPress.
As you say, strong unique passwords are still considerered secure. The other vulnerability to be concerned about are email-based phishing and malware payloads.
And yes, automated emails regarding account changes or activity are helpful.
Yes, you are right. There are different factors involved in security. I use password manager.
By the way, I have just switched to Pika. Pagecord is great but for me I found myself as a heavy user, and I looked into details of every service. As I couldn’t experience every feature before paying Pagecord, I realised the image gallery is a bit far from my expectation. If your blogging style is mainly text with a few images, Pagecord is for many people with the cheapest price. It has its potential but so far not many people know it (it is just two to three months younger than Pika).
As I tried almost all the features in Pika on free plan except custom domain and newsletter, I still love their blogging experiences and especially the guestbook which allows visitors to doodle. They know what is a happy blogging experience! The images are handled very well! I don’t think I will jump ship as quick as in Pagecord.
There are also some features that are important to me, like alias (as my link format turns from blog/yyyy/mm/dd/title to posts/title, so alias makes my links on Google Search not be broken after blog transfer); choosing one of my pages to become the first page; footer.
Pika is growing, and their team is using, also one of the products Jelly has had 2FA, I believe they will bring this feature some day. Things can change but hopefully it will be better. If not, the last resort will be back to Squarespace as they keep my design and contents. But from the wording of Herman, it looks like better account security won’t come true.
True. They are not solo although they are a small team. The blogging software is very solid, and the image lightbox works very well! Their style makes me think of Bear note-taking app!
I’m trying out the free Pika version on @Medievalist recommendation. Although I haven’t posted anything yet!
I did prepare my site having hand coded it; that’s rather easy with html5 and css3, but in the end felt that brought too much friction to my workflow. Unlike the big boys like Squarespace and Wordpress, Pika is reasonably priced.
I am helping a local charity to run a Wordpress website. Help means that I did set up the website and I am taking care that it is working and up to date. It is running on a shared hosting server (local charity, not many visitors, shared hosting is more than enough). The charity’s members are posting articles, a venue can be booked using a free plugin. About 30 Euro per year. They have to pay for their .net domain on top (.DE domain not available), another 24 Euro per year. That’s it. Daily automatic backup, Wordpress is updating itself automatically as do the installed plugins most of the time. The website has been online for 7 years now. With no problems at all.
I am with @zkarj: there may be alternatives to Wordpress, but Wordpress has a long history and it is working just fine. And… while using the commercial branch of Wordpress and its hosting plans are an option, it is one option. You can use Wordpress everywhere. You have total control over your data and you are independent from others: your Wordpress instance can run everywhere.
It may not be for everyone and those startup projects sound interesting, but Wordpress still is a great option, also today.
I think it depends on different situations with different plans regarding the size of storage and number of visitors. To be fair, if you want to have a blog and online store to adopt the changing situation (like one day you get much more customers so you have to upload a lot of content and products with a lot of traffic). Squarespace is worry free. Unless you want to pay for the newsletter for larger audiences and earn more (less transaction fees from Squarespace), in most cases you don’t have to upgrade the plan.
I just don’t like their builder which is still desktop oriented, and the blog, as one of the important ways to communicate with customers, doesn’t get easier. Every time I have to go to the settings to determine which cover image to upload, write the excerpt, upload social images… Pasting my content with these settings end up more time consuming than writing content itself.
That said, even though they are acquired, their prices are being increased, and they are becoming sales oriented, they are still nice to refund partially when you switch to a new plan, and don’t delete your content (just offline) so that you may come back and pay to use it again. Compared to Pagecord, when I requested the refund, I had to delete my account, that means I won’t consider going back.
Things can be changing, but I am looking forward to how Squarespace and Pika go.
