Support » Fixing WordPress » Least terrifying way to make a public blog

  • Resolved Doodlebee


    Hey all – I have a question for you, and this one is for a paid client that I’m designing for. (Just wanted to make that clear up front, I am getting paid for this one.)

    This client has a daily radio show that generates quite a few questions and interest in his blog. He’s revamping his site right now, and he wants to add a WordPress installation that he calls the “Listener Blog”. What he *wants* is scary to me, but I’m trying to figure out a way to give him what he wants without compromising his server and site safety.

    So, what he wants is a blog where people can subscribe, login in, and have the ability to write posts and upload files. To me, that’s terrifying – he wants the *general public* to have this access. So anyone who subscribes would be given immediate “author” status. I’ve explained the risks of that, alone, and that if he *seriously* wants to do this, he’s going to need some kind of full-time moderator to be sure stuff doesn’t get compromised.

    I don’t think he wants to spend the money to go that route, but he still wants this stuff to happen. I’m fairly familiar with the “Role Manager” plugin, and I planned to use that to help with these issues, but I was wondering if there were any other plugins out there that would …I don’t quite know how to put this. I know I can make posts be forced into moderation, so that *anyone* who writes a post has to have it approved by the admin before it’s made public. I can’t remember if Role Manager does this or not, or if WordPress itself has an option for this. So if someone can refresh my memory on that, I’d appreciate it (and if they don’t, what plugin *does* do it?).

    But the files are what scare me the most. Worst-case scenario, I can see some jerk uploading a virus or something that’ll tear through the server while everyone’s sleeping, and by the time the moderator gets to it, it’s way too late. So I was wondering if there’s some kind of “queue” system/plugin? Probably not, I guess, because the files would have to be uploaded to the server. But I’m kind of thinking like, when someone makes a post and uploads an image, that when WordPress sends it to moderation it would send an attached file to the moderator, rather than saving it to the server. Then if the mod deems it appropriate for the site, they can upload it themselves or something. At least then, then damage would be restricted to the mod.

    I don’t know if I’m nuts, but I’m just trying to see if there’s a way to give this guy what he wants. I think the *posting* part I can handle, but the file thing just makes me queasy. So if anyone has any ideas, workarounds, or experience with this kind of thing, I’d appreciate some advice on how to handle it. (I’ve already tried talking him out of it, but he really wants this.) I’m even going so far as to ponder the possibility of having some kind of separate form in the posting area that would use the mail() function – you could post the text, but the form for uploading images would email the image directly to the mod – I guess that’s a possibility, and I could restrict filetypes…Is there anything out there like that?

Viewing 9 replies - 1 through 9 (of 9 total)
  • I don’t see how a file waiting in moderation would ‘tear’ through a site before it gets moderated. It isn’t any more active than the message. If the file can’t be linked or run until after moderation you are safe. However I would use a good anti virus that ideally scans the file upon upload but at least scanned before posting. This would require some control or access at the server so that the appropriate scripts can be accessed. Best setup is your own server, dedicated server, or full control virtual machine. A Linux server can do all this and more without any fancy GUIs.

    So he wants to pay for the site but not for the daily upkeep? Even his car needs maintenance if it is to remain safe. He should budget for human moderation, it can’t be totally automated.

    As for plugins I can’t help much there but am confident that WP can do the job with the right planning.

    If the file can’t be linked or run until after moderation you are safe.

    Excellent – good to know. I was just afraid someone could…I don’t know, log in and post some code that would attack something, or upload something nasty that, once it hit the server, it would start chewing through everything.

    But yeah, I have the same feeling – if he wants this type of thing, he should be willing to pay for moderation of it, be it his own time or paying someone else to do it (I’m not a moderator LOL).

    But thanks for the tips, that helps things a little bit 🙂



    Forum Janitor

    Well, there is potential for malicious activities. Once a file is uploaded it is then living on the server, so it could be then used to “run” on the server, in the context of whatever user runs the web server services. The uploader would need to know the address of the uploaded file, but I expect uploading gives you that info.

    My thoughts on this,

    first WP Upload has a limit on the file-types, you can set it in the admin. I don’t think it is foolproof, but it should help limit most users to only uploading,say, JPG, GIF, and mp3.

    second, an outside-the-box approach: Just get the guy a second server (hosting plan), totally separate from the first. A 2nd hosting plan will cost less than hiring a moderator: under $10/month probably. I can’t guarantee this makes you any safer, but just in case something happens: only the Listener Blog would go down, not his other site. You can keep frequent backups (perhaps using the Database Backup plugin and a Chron job, and/or running a chron via your host to backup the whole site/folder), so you can always restore if there’s a problem.

    Once a file is uploaded it is then living on the server, so it could be then used to “run” on the server, in the context of whatever user runs the web server services.

    How would that file “run”? It isn’t an attachment to a crappy email app or some desktop application that could be fooled into running it. unless the file is fed into a process that could execute a file under *any* circumstances it isn’t going to happen. The danger is posting the file that could be malicious and that danger is to the downloader not the server. You have to attack the server which could happen without any posting rights or even having WP at all.

    My fear would be a cheap owner that thinks a one time payment buys perfection forever.



    Forum Janitor

    How would that file “run”?

    It would run by someone (IE the uploader) executing it by loading the uploaded thing into their web browser. If the uploaded thing then contained server-executable code, it would be executed. (As it would be living on the web server.)

    (That is unless I am mistaken and WP doesn’t actually upload its uploads to the web server directly.)

    EDIT –

    Well, I am mistaken, WP doesn’t let you upload any old rubbish. 🙂

    Thanks again, all – this is definitely going to help a lot. I have a phone call with this client to go over all of this stuff tomorrow. The ability to upload *anything* makes me nervous (and I should say that the guy isn’t cheap – he’s paying a pretty penny for this site, and he’s got 16 WP installations so far for this place alone. Long story as to why – but I’m one of about 15 people working on this site, my job is the blogs. So he’s definitely not cheap, but he would like to remain within a budgeted amount, and his show is publicly funded (NPR)).

    But anyway, if I *can* limit what’s uploaded to only images and sound files – that’s actually perfect. I guess one of my big fear is someone logging in and writing code directly into the post area, and somehow manipulating the database and compromising the server itself – but I believe the newest release of WordPress just took care of that issue.

    I’m going to look further into these restrictions – it may be that WP has what he wants by default, and that would be cool.

    EDIT: cool. I actually found a plugin that will have a user-interface for editing what Mime types can be uploaded. This might be what I need – just thought I’d mention it in case anyone else needs this.

    By the way, I thought WP had an Option for setting the Upload-able file-types but I just checked and WP 2.2.2 doesn’t seem to have it (under Admin > Options > Miscellaneous). I can’t recall for sure if that was in a previous WP. I am glad you found a plugin for it.

    Doodles, just keep good back-ups so you can always restore. You have a cool project going, it sounds like. You never know about the security, even of regular WP with 1 author. You notice they come out with ‘security fixes’ from time to time… it would be great if 2.2.2 fixed everything but it’s questionable

    Have you read this page? Has security tips

    Thanks for that Gold – I’ll definitely look into that link and see what else I can do to keep it all safe. I do think it’s all getting worked out though, the more I look into this, the more it seems feasible to do. (And they *did* get someone to moderate, so that will help as well!)

    Thanks a bunch all 🙂

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Least terrifying way to make a public blog’ is closed to new replies.