Good Enough


“Never good enough” was the original title I proposed for this post. That along with “How to discourage and demoralize a piano student” as the short description. I hope it’s obvious I don’t endorse any of this “never good enough” stuff. However, I experienced it first hand during my first two years of piano study at music school. I noticed a lot of this, across many students and teachers, during the six years I spent earning my BFA and MM degrees.

I realize that I had a lot to learn and that constructive criticism is key to learning how to make a piece better. However, spending an inordinate amount of time on a piece and picking it to death is not the road to success.

Several Possibilities

When a piece isn’t getting better, it might come down to insufficient practice time. For a performance major in a degree program at a music conservatory, you’d hope that’s not the case. However, I find that often in school-aged children in my own private teaching. Sometimes a student gets to a particular point and doesn’t have the time or motivation to pick the piece apart further.

In many such cases, I’ll just suggest that the piece is put to the side for now. Typically, much work has been done, and the piece will be better approached with fresh eyes several months down the road. In the meantime, I might assign a similar piece by the same composer or era, since that can deepen understanding. Of course, there are times where we have to push to the finish. Then, I’ll try to help pick apart the most challenging spots to give the student that last push.

In some cases, I may have misjudged the difficulty. The student has really tried his best but just isn’t ready to make more progress. This sometimes happens with what I call stretch pieces, pieces that are intentionally assigned above the student’s current level. This can help the student to reach beyond her limitations, but it can also lead to a dead end. Even if the piece can’t be completed right now, it can always be reconsidered down the road.

Balancing the Load

Students tend to learn best when their repertoire is at a level that nudges them without overwhelming them. I often rely on graded repertoire books to help me do that. However, there are times when I want to push a student by intentionally assigning a level or two above where they are currently studying. I have tried this with transfer students if I suspect that they have not been challenged enough.

Part of balancing the load is to know when to assign pieces that are below the current level of study. I routinely suggest that approach at Christmas, where a student will want to learn several pieces in several weeks. There just isn’t enough time to learn at level, unless the student will be satisfied to learn one piece over several weeks. That’s a better fit for an advanced student who might be entering a competition or talent show and understands the benefit of working on a piece longer.

In Conclusion

It’s easy for a piano teacher to go into criticism mode and not see the bigger picture. There is an optimal path for each piece assigned to a student and it’s up to the teacher to sniff that out. Sometimes a piece is close to recital ready, and a student should be given another week to do better. Another student might be near his limits, and it’s time to call it. Good enough. Be honest and don’t sugarcoat, but also acknowledge the progress that has happened. Tomorrow is another chance to do better.

Last Updated 2021-11-22 | Originally Posted 2021-11-22

Lessons from My Website Hacking


I found my Website hacked on November 11, 2021, and spent half the night trying to recover it. I found this out by accident while I was doing some other maintenance. Before explaining more, here’s my setup: This WordPress instance is pre-loaded using what’s called WP Hosting. That means that I don’t have cPanel for this instance, which turned out to be a minor detail in how I proceeded. (I do use cPanel on a separate server that I use strictly for testing.)

Identifying the Issue

The type of hacking that I found is called a malicious redirect. It means that the hacker diverted my visitors to a ridiculous gaming site that clearly was not mine. What made the diagnosis difficult was that my admin panel seemed to be working correctly. I also was able to access my site since my browser was already logged in.

The only way I could test for this redirect as visitors experienced it was to access my site via a separate browser that I don’t have logged in for maintenance. I always keep a spare browser for testing, but I never considered it for this purpose since this is the first time I’ve been hacked.

Running Site Health under the Tools menu clearly identified the problem. I was a bit disappointed in the Sucuri security plugin because it didn’t alert me to the problem. It’s possible that the hackers diverted any emails it was trying to send, just like they made it impossible for me to restore my code from my backup software.

Relying on my Hosting Company

I have generally had a good experience with my hosting company, even though they are a smaller player that is not well known. The only issue I’ve found is that it can take a LONG time to resolve issues because they offer chat-only support. It often takes a while for them to identify the issue and get you to the person that can best help you.

My first instinct was to ask them to delete my current instance of WordPress, which I can’t do myself given that I don’t have cPanel access. Then I would have reloaded everything from a save point that was virus-free. They actually had a better solution, and in one fell swoop, disabled the malicious redirect by disabling all of my plugins.


From that point, I installed Wordfence, on the recommendation of my hosting company desk, and uninstalled Sucuri. It has a scanning tool that will identify and quarantine malicious code, much like a standard virus scanner.

I reloaded my code from a point before I suspect I was hacked, and that worked given that the malicious code didn’t prevent it this time. Wordfence also provides a firewall that automatically activates after a week of self-learning. When I saw that happen a couple of days ago, I was even happier.

More Cleanup

I invited this attack by having way too many plugins. In a few cases, I forgot what they did and why I installed them. My old method of discovering plugins with potential was to install first, configure later. Of course, I often never ended up configuring them. Now, I log any new plugins that I read about into an Evernote document that details all of my Website changes. That way, if I really want to try something out, I can do it when I have the time to configure it properly and test whether I want to keep it installed.

I uninstalled the most recent plugin that I installed, which I think was the source of the hack, and I deleted 10 others as well. Several other plugins are targeted for future elimination in that same Evernote document. I got some great advice from the community at Install plugins to solve a business need, not just because they’re fun to use. Less is definitely more when it comes to plugins!

Steps I’d Recommend to Prevent Being Hacked

  • Install only the plugins that you need. Remember that every plugin you install is like handing a stranger a key to your house and hoping they won’t abuse the privilege.
  • Keep a log of plugin or other configuration changes that you make. A plugin like Simple History will show you recent changes, but your own document will help you remember why you installed something and whether it’s still important.
  • Install a plugin that does automatic backups, if you’re not already doing so. Also, remember to do some secondary backups from time to time in a separate place, just in case.
  • Use Site Check from the Tools menu. It’s so easy to use and provides advice you should follow.
  • Install a good security plugin that will provide scanning and firewall. Wordfence does both in its free version.
  • Allow WordPress versions, themes, and plugins to update automatically. Hackers can exploit mismatches in these, or can get into your site through a recognized leak that is waiting for you to manually update.
  • Install a separate Web browser that you don’t normally use, and only use it for testing. Don’t log into wp-admin from it or it will be useless in this regard.
  • Rely on your hosting service to give you advice. They likely won’t solve your issues but will guide you along the way. If you’re just given a bunch of documents to read with no concrete help, ask to be boosted to a higher level of support.

In Conclusion

I hope my story can save at least one other person from getting hacked. In that case, it was well worth the time it took to flesh this out. I will update this document from time to time with best practices I learn along the way. Have you had any experiences of getting hacked? How did you deal with it?

One thing I didn’t mention was never a real possibility for me but should be considered nonetheless. The companies that make security plugins also have teams at the ready to clean infected Websites. The bad news? Prices start at $200 and go way higher. I wanted to learn how to recover from this so that I could be better prepared against future hacking attempts.

Last Updated 2021-11-21 | Originally Posted 2021-11-21