WordPress.org


Adobe Forum Thread: Is WordPress Risk from Hackers? (4 posts)

  1. martcol
    Member
    Posted 3 years ago #

    What do you think of this thread/comment on Adobe Dreamweaver Forum?

    It gives me a little shiver of anxiety.

    I really love WordPress and follow advice as best I can on security so I do read and do stuff even though some of it is beyond my technical ability. But this thread bothers me a bit.

    Martin

    http://forums.adobe.com/message/3423667#3423667

  2. (Reaches for soap-box and climbs on top.)

    That post that you linked to? It's needless hyperbole. If it's beyond your technical level to support a site, then WordPress.ORG self-hosted software may not be a good fit for you.

    Any self-hosted software on the Internet requires that you (and I mean you, You, and especially YOU) have to keep everything up to date.

    That means not just keeping WordPress current: you need to keep up to date your PHP, MySQL, server software, file permissions, read security bulletins, etc. and keep abreast of what's new for your platform. That means WordPress and your entire hosted environment.

    Self-hosting anything (including WordPress) means you have a job to do. WordPress is very popular and it makes a tempting target due to its broad distribution. Any complex software will have exploits. That's unavoidable and anyone who says otherwise wants to sell you something. Some of those exploits will be minor, some will be "UPGRADE NOW OR DIE!!!"

    What makes WordPress very good is that it's open and well supported. When an exploit comes out that requires a patch, a patch gets tested and rolled out quickly. While people have a tendency to blame others for their exploited blogs, it is usually because they didn't do their job.

    But no released patches will make you do the work and upgrade to the latest version or keep you secure. You have to do it. And if someone writes a truly bone-headed plugin or theme, there is nothing WordPress.ORG can do about it. You need to either remove that plugin or lose that theme.

    This is why hosted blog platforms are around and are successful. They do the work in the background and you don't have to do a thing except write content. You don't have to worry about the man behind the curtain, he does all the work for you.

    Sounds daunting? It could be but it's also satisfying to be self-sufficient and is a challenge. I'm not trying to put off people from installing WordPress and running their own site. But I am trying to make you understand that if you expect to install any self-hosted platform then you need to do work and keep yourself secure.

  3. martcol
    Member
    Posted 3 years ago #

    Thanks for your response.

    I'm quite aware of the responsibilities of hosting a WordPress site and believe me, I do my damnedest to stay on top of things. I have a couple of hosted sites and a couple self-hosted.

    My reason for posting the thread is the occasional bit of "bad press" that I see WP getting. Some people are concerned. The Adobe forum is a pretty serious place to discuss stuff, and some of the people there are pretty knowledgeable (including the person who posted the bit about the hacking of a friend's site).

    Martin

  4. mrmist
    Forum Janitor
    Posted 3 years ago #

    The pziecina post just looks like spreading FUD to me. Essentially appears to be groundless accusations of insecurity, backed up by a "test" of which we are given zero details. (E.g. it's fairly easy to hack a WordPress install if you have root on the box concerned.)

    Any large piece of software of course increases the attack vectors onto a server, but the WP dev team work hard to keep the package as secure as they can.


This topic has been closed to new replies.
