Why would anyone want to enter their ftp credentials on an unknown third party site over an apparently unsecured connection to install a web application that can’t be verified for authenticity prior to it’s installation?
“WARNING: I’m not responsible for any problems that might occur. No support is given as you will not need it.”
Given my first question, why should anyone find that statement acceptable?
[edit]…and that page seems to be teetering dangerously close to being (accidentally) deceptive in its purpose and appearance. Any thoughts?
Your FTP credentials are not kept what so ever, no cookies are created. Support will be given by replying to this forum post if needed.
I may not have communicated my thoughts as well as I thought I did, so I’ll try to be more direct this time.
1) What manner of security are you using to protect confidential user data, both during and after the ftp credential submission process?
2) Why would you ever expect anyone to submit their ftp login and password credentials on your site, in an insecure manner, for any reason whatsoever?
Your FTP credentials are not kept what so ever, no cookies are created.
I already saw the statement on your site…
“Update: 23/01/2011
Just to let you all know that none of your submitted details are kept when using this service.”
3) Explain to us (everyone) as potential clients, why anyone would or should believe that. Just because you say it’s “safe”?
4) The page you linked to might easily be thought of as misleading on the merits of its familiar appearance alone – if it ever lulled visitors into thinking that they were on a page that is a part of, or endorsed by, WordPress or Automattic – which (as far as I know) it is not.
“…that page seems to be teetering dangerously close to being (accidentally) deceptive in its purpose and appearance.”
So I’m still wondering… as a responsible developer who desires others to use a service you have created, how do you respond to those thoughts?
At this time I can not tell you 100% that the site is safe and secure but as a developer my self all I can say is that I would not do anything to put a users details in jeopardy. I have and still make improvements to the site to make sure that your information is not stored or transferred to any other location. The users ftp connection is closed once WordPress has been uploaded to the users server along with the zip extractor. These files can be viewed in the designated folder were the user has uploaded WordPress too before the user continues the setup. These files are also removed along with WordPress zipped up once the setup is complete.
At this time I can not tell you 100% that the site is safe and secure but as a developer my self all I can say is that I would not do anything to put a users details in jeopardy. I have and still make improvements to the site to make sure that your information is not stored or transferred to any other location.
I appreciate your honesty. I think your statement alone should be enough to convince you as a developer (as well as anyone who would consider using your service) that at this time, your service may not be ready for exposure in a production environment.
What are your thoughts on the possibility of encountering copyright or brand-confusion issues? ( other than changing the color of the wordpress logo )
…that page seems to be teetering dangerously close to being (accidentally) deceptive in its purpose and appearance.
The page you linked to might easily be thought of as misleading on the merits of its familiar appearance alone – if it ever lulled visitors into thinking that they were on a page that is a part of, or endorsed by, WordPress or Automattic – which (as far as I know) it is not.
I have put a clear warning saying that the site is not part of, or endorsed by, WordPress or Automattic and that all copyrights of WordPress are reserved by Automatic. No one is forced to use the service site, I simply created the site because a lot of people are wanted a service like this to use. An email had been sent a few days ago to Mr. Matt Mullenweg explaining the service site and still awaiting a reply.
Thank you for taking the time to answer my questions. Good luck to you!
WordPress Online Installer has made some great improvements.
First it has it’s own domain now. http://www.wpsetup.org
Second it can install the latest version or nightly builds.
Third it can install WordPress in any language available.
Fourth you can setup your config file the way you want it.
The custom setup allows you to customise your ‘wp-config.php’ file. Increase memory, setup trash, autosave and revisions, enable networking, enable debugging mode and more including deleting the wp-config-sample.php file once complete.
I hope to update the video soon and add SSL once I can afford it. Donations are appreciated.
