Thread: STOP updating Wordpress and concentrate on security

  1. #1
    Shenron


    STOP updating Wordpress and concentrate on security

    Really, this is getting on my nerves...

    The fact that WP is free doesn't justify that their team keeps updating the software over and over with bullshit features and keeps ignoring the fact that they need to perform some decent testing on many major security issues.

    Security Incident — Blog — WordPress.com

  2. Thanked by:

    m42 (15 April, 2011)

  3. #2
    iowadawg

    Well, all I can say is, don't use wordpress.
    LOL

    But he does make a point on usernames and passwords.
    And to add to what he said:
    The default when you install wp via cpanel for the database is always wrdp1 and the user is always wrdp1.
    Wonder how many people do not take the time to rename the database and user?

  4. #3
    Shenron

    And who the hell created those defaults? Ah yes, the WP team...

    I do care about usernames, passwords, etc.; in fact I'm a security maniac. Anyhow, I still think they're providing a terrible service to the community as they keep updating their software with crappy stuff instead of consolidating what they have, especially security-wise.
    tetrapak likes this.

  5. #4
    Hellas

    These plugins and/or options should be integrated with WordPress.

    Limit Login Attempts

    Disable Password Reset

    Bulletproof Security

  6. Thanked by:

    icemannn (17 April, 2011), iowadawg (14 April, 2011), m42 (15 April, 2011), Sami4u (14 April, 2011), Shenron (14 April, 2011), TopDogger (14 April, 2011)

  7. #5
    Andy101

    Since WP is open source with an active hive (ha ha trying to coin a phrase) of contributors, I suspect that it will forever be updated along with all the plugins, and to a lesser extent, the themes.

  8. #6
    Aziz

    I totally agree with you. My website was hacked a couple of times (though nothing critical). I managed to restore everything and block access to wp-admin.
    Now I have to reconsider using something else.

  9. #7
    Andy101

    I'm using concrete5 CMS for non-blog sites. This is not regularly updated (because it doesn't need to be), and all the plugins and themes get scrutinized by the developers before being listed in the marketplace.

  10. #8
    TopDogger

    Originally Posted by Shenron:
    The fact that WP is free doesn't justify that their team keeps updating the software over and over with bullshit features and keeps ignoring the fact that they need to perform some decent testing on many major security issues.
    I've met several of the WordPress developers through Word Camp. Based upon my experience, these guys are not security people. Most of the security fixes that they add to updates come from reports from contributors outside of their circle. Yeah, they are way too focused on adding bells and whistles that users really do not need. My impression is that they are constantly striving to push the limits of their programming skills. For the most part, they have done a good job with that and we can't complain about the price.

    Most of the updates in recent years have included numerous security fixes. WordPress security is a lot tighter than it once was, but when you are dealing with open source code, any really good hacker can find some way to break in.

    If you adhere to good security "best practices" to harden your sites, you will probably never have a problem. I have several WP blogs and have never had anyone break into any of them. If you have a VPS or dedicated server, a firewall is something that is absolutely necessary. You can use the best security practices in the world with your web site, but if the server security is lax, it won't protect your sites.
  11. Thanked by:

    Andy101 (23 April, 2011)
