  1. #1
    SitePoint Zealot
    Join Date
    Sep 2008
    Posts
    189
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Wordpress Attack + Concerns

    I've been working on a website and got the base coded before I add the CMS, but now I have concerns about using WordPress. Today there was an attack on some WordPress websites (update if you haven't!) and it has made me think twice about using WordPress as a CMS since it's used by so many people and I'm sure there will be more attacks in the future.

    Questions..

    1. Since this is for a client how should I prepare the website for these types of things?

    2. Another worry I have is the theme/website breaking during an update.. how do I avoid something like this?

    3. When using a plugin I would risk running into problems if the plugin doesn't work with a new WordPress version or if the author stops supporting it.. What would be the best way to deal with this?

    4. What are some plugins I would just have to get to use WordPress as a CMS to make it as friendly as possible for my client?

  2. #2
    Barefoot on the Moon! silver trophy
    Force Flow's Avatar
    Join Date
    Jul 2003
    Location
    Northeastern USA
    Posts
    4,516
    Mentioned
    51 Post(s)
    Tagged
    1 Thread(s)
    There are a few plugins that you should use that can help prevent hacking attempts for most cases:

    Login LockDown: http://wordpress.org/extend/plugins/login-lockdown/
    WP Security Scan: http://wordpress.org/extend/plugins/wp-security-scan/

    And a few guides:

    http://www.smashingmagazine.com/2009...-in-wordpress/
    (pay attention to points #4, #5, #7, #8, and #9)

    http://sixrevisions.com/wordpress/12...for-wordpress/
    (pay attention to points #3, #5, #6 (this one should be addressed during setup anyway), #8, #10, and #12)

    There is some overlap between the articles, but I've found them to be good resources on what some of the good practices are for locking down your WordPress installation and preventing hacking attempts. I won't get into why certain techniques are recommended, as those are addressed in the articles better than I could rehash them here.


    For update breakage, I'd recommend *not* updating as soon as a major WordPress update comes out. Wait a couple weeks till the bugs get sorted out and for plugin developers to get their plugins updated for the new version. *Then* go ahead and update. Bottom line, let other people beta test for you.

    For the minor updates & bug/security fixes, those can be applied sooner rather than later, since those typically don't break too much of anything.



    Unfortunately, yes, some developers abandon plugins. So, take a look at the popularity, the number of downloads, when it was last updated (or updated for which version of WordPress), and make a determination as to whether or not it is an actively used/developed plugin or not.
    Visit The Blog | Follow On Twitter
    301tool 1.1.5 - URL redirector & shortener (PHP/MySQL)
    Can be hosted on and utilize your own domain
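
The update and plugin-vetting rules from post #2, written out as an added example that is not part of the original thread. The 14-day hold follows the "couple weeks" in the post; the 365-day and 1,000-download thresholds, the field names and all sample data are assumptions constructed for illustration.

```python
from datetime import date

def branch(version):
    """WordPress major branch is the first two components: '2.9.2' -> (2, 9)."""
    parts = [int(p) for p in version.split(".")] + [0]
    return tuple(parts[:2])

def core_update_decision(installed, available, released, today, hold_days=14):
    """Minor/security releases go out at once; major releases wait hold_days."""
    if branch(available) == branch(installed):
        return "apply-now"                      # same branch: bug/security fix
    if (today - released).days < hold_days:
        return "hold"                           # let others find the breakage first
    return "apply-after-test"

def plugin_concerns(plugin, target_wp, today, stale_days=365, min_downloads=1000):
    """Reasons a plugin looks abandoned or unready for target_wp (assumed thresholds)."""
    concerns = []
    if branch(plugin["tested_up_to"]) < branch(target_wp):
        concerns.append("not tested with " + target_wp)
    if (today - plugin["last_updated"]).days > stale_days:
        concerns.append("no release in over %d days" % stale_days)
    if plugin["downloads"] < min_downloads:
        concerns.append("low adoption")
    return concerns

def plan(installed, release, plugins, today):
    """Combine both rules: an untested plugin blocks a major update, never a minor one."""
    decision = core_update_decision(installed, release["version"], release["date"], today)
    flagged = {p["name"]: c for p in plugins
               if (c := plugin_concerns(p, release["version"], today))}
    untested = any(r.startswith("not tested") for c in flagged.values() for r in c)
    if decision == "apply-after-test" and untested:
        decision = "hold"
    return decision, flagged

# Constructed sample data (not real plugin statistics).
PLUGINS = [
    {"name": "example-gallery", "tested_up_to": "2.8", "downloads": 400,
     "last_updated": date(2009, 1, 10)},
    {"name": "example-seo", "tested_up_to": "3.0", "downloads": 250000,
     "last_updated": date(2010, 6, 25)},
]
MAJOR = {"version": "3.0", "date": date(2010, 6, 17)}
MINOR = {"version": "2.9.2", "date": date(2010, 2, 15)}

if __name__ == "__main__":
    print(plan("2.9.1", MINOR, PLUGINS, date(2010, 2, 16)))
    print(plan("2.9.2", MAJOR, PLUGINS, date(2010, 7, 5)))
```
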

  3. #3
    SitePoint Guru
    Join Date
    Oct 2008
    Location
    Melbourne
    Posts
    754
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I get that "woo, don't use the popular thing" is no substitute for actual security concern, but nevertheless I think I'll be ditching WordPress for good. Its track record for security is really poor.

    Hello again, Movable Type...
    "I'm Commander Shepard, and this is
    my favourite post on the internet."

    We'll miss you, Dan Schulz.

  4. #4
    SitePoint Enthusiast
    Join Date
    Oct 2006
    Posts
    36
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by raena View Post
    I get that "woo, don't use the popular thing" is no substitute for actual security concern, but nevertheless I think I'll be ditching WordPress for good. Its track record for security is really poor.

    Hello again, Movable Type...
    I went and decided to go with WordPress and to be honest this might be my first and last time using it as a CMS.. I hear clients love it but other than that the way the site has to be made just feels strange since it's mainly a blogging platform.. Maybe I'll try Movable Type next time.

  5. #5
    SitePoint Zealot cpace1983's Avatar
    Join Date
    Sep 2009
    Posts
    153
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Security through obscurity never works. The wp security plugin is a great plugin, and a sensible security approach makes way more sense than going with a less extensible CMS.

    Just my opinion. I run WordPress for a reason: it's clean and easy to use. I've worked with b2evolution, wiki, etc., and always come back to WordPress for my CMS needs.
    I am a Freelance Linux Consultant.
    I offer flat rate Linux support, as well as hourly support.
    Feel free to visit my blog, Ramblings of a Linux Administrator.

  6. #6
    Barefoot on the Moon! silver trophy
    Force Flow's Avatar
    Join Date
    Jul 2003
    Location
    Northeastern USA
    Posts
    4,516
    Mentioned
    51 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by iii View Post
    I went and decided to go with WordPress and to be honest this might be my first and last time using it as a CMS.. I hear clients love it but other than that the way the site has to be made just feels strange since it's mainly a blogging platform.. Maybe I'll try Movable Type next time.
    Its original purpose was certainly centered around blogging, but it has evolved to be applicable for several different things, especially when you include the large base of plugins available and the ease with which it can be customized.

    I always thought Movable Type was closer to being more of a strict blogging platform rather than leaning towards the CMS world.
    Visit The Blog | Follow On Twitter
    301tool 1.1.5 - URL redirector & shortener (PHP/MySQL)
    Can be hosted on and utilize your own domain

  7. #7
    SitePoint Zealot jungerpants's Avatar
    Join Date
    Nov 2003
    Location
    Washington, DC
    Posts
    128
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Things like this will always happen, especially with such widely-used software. Hello, Windows?

    Be prepared and upgrade when needed.

