Wordpress & Security Concerns



decryption
4th July 2008, 07:08 PM
We're undecided on moving to Wordpress to power the front page of MacTalk - some people are in the camp of Wordpress is insecure and if we install it, we'll inevitably be hacked. However others think that the latest version of Wordpress is quite secure and many other high profile sites use it with no security breaches so far.

Our alternative is vbAdvanced (http://www.vbadvanced.com/) (which is what we do now and integrates with vBulletin obviously)

What do you guys think?

RGSX12
4th July 2008, 07:10 PM
I think it's a good choice to move to it. It's a solid system that I think will do a good job of managing the news. Regarding security, I know a fair few high profile sites that have never had a security issue/hack. My new site that I am in the process of building will be powered by WordPress :thumbup:

Peter Wells
4th July 2008, 07:21 PM
Wordpress has become the dominant blogging platform, and like any dominant platform, has become the target of hackers.

Wordpress is fine, as long as you follow the same security measures you'd use for anything else. Strong passwords, keep up to date, only install trusted plugins, etc.

sunrisesister
4th July 2008, 07:53 PM
Three thumbs up (wahey!) for WP from me. But it all depends on if the work is all worth it, I guess.

adamd
4th July 2008, 08:15 PM
If you're worried about that, head over towards Drupal or an actual CMS.

MichaelQ
4th July 2008, 10:03 PM
A recent version of Wordpress had a pretty big security problem. It was fixed but did cause a lot of problems - and still is, as there are a lot of "hacked" sites that were patched but where the hacker had left themselves access.

Still I don't know of any platform that has a 100% reliable record for security. Wordpress is a big target and any vulnerability exposes millions - the Windows effect basically.

If the front page is just news / blog - then there really isn't anything that would really be affected long term. If it was hacked then you recover and start again.

bennyling
4th July 2008, 10:13 PM
Wanna post a how-to keep WordPress secure for the rest of us WordPress noobs?

Would be useful :D

I'm not the one to know about MySQL injection hacks or the like, I'd sure appreciate a tip or two :D

Jordan M
4th July 2008, 10:22 PM
Wordpress is fairly secure, I used it when I used to blog with no issues.

reemixx
5th July 2008, 03:01 AM
I say go for it. Probably the easiest way to go about it, if it's just for the news and stuff on the front page, where each item is an entry. Wordpress is secure enough these days. As fulltimecasual said, the dominant platforms are always the most targeted by hackers, but I wouldn't stress about it too much. I like WP, it's good :)

Otherwise, there's always Drupal, Joomla, etc.

decryption
6th July 2008, 04:52 PM
Just a little bumpage :)

matthew858
6th July 2008, 04:59 PM
I am going to be different and go for the support of vBAdvanced. If you already know how to use this, then shouldn't you continue? Unless you just wanted to try out Word Press or know somebody who knows Word Press like the back of their hand (Have been using a lot of cliches lately). My 2 cents.

Atomac
6th July 2008, 05:51 PM
What you have works. I like wordpress for my own blog but if you have to create your own WP theme then it may add complications.

My opinion if it ain't broke, don't fix it.

Edit: Since you are changing designs then hey, why not use WP.

decryption
6th July 2008, 06:13 PM
Read this: Movable Type: Movable Type: A History of Security (http://www.movabletype.com/blog/2008/06/movable-type-a-history-of-secu.html)

Not exactly unbiased (it's on the Movable Type blog), but it does have some good stats vs. Wordpress

andrew.wilson
6th July 2008, 06:18 PM
> My opinion if it ain't broke, don't fix it.

As someone who uses the front page a lot, I would argue it is broken. Making content look good with regards to alignment etc. is an absolute pain with VB. That has a lot to do with the current layout as well though.

marc
6th July 2008, 07:00 PM
> Read this: Movable Type: Movable Type: A History of Security (http://www.movabletype.com/blog/2008/06/movable-type-a-history-of-secu.html)
>
> Not exactly unbiased (it's on the Movable Type blog), but it does have some good stats vs. Wordpress

Interesting comment:

"This entry is highly misleading, perhaps due to a lack of understanding on your part about how the NVD works.

The "vendor" search for WordPress includes all third-party plugins. As there are thousands more plugins for WordPress than Movable Type this will obviously skew the numbers, making your comparison factually incorrect.

As an illustration I went through the CVEs for 2008 that listed "WordPress" as a vendor and found only 3 that applied to a core version of WP. A full 35 didn't even mention WordPress at all, they were just about plugins.

In light of this info, many of the conclusions you come to by citing this data are tenuous at best, and I would suggest axing your graph entirely until you've personally gone through the past 4 years of CVEs and verified them as actually applying to WordPress."

I think WordPress is pretty good, provided you keep up with updates.

El Guardo
6th July 2008, 07:06 PM
Peruse Khoi Vinh's Subtraction (http://www.subtraction.com) for commentary on Movable Type. It's not exactly flattering...

bennyling
23rd July 2008, 04:18 PM
> I think WordPress is pretty good, provided you keep up with updates.

QFT. Apparently, this is of paramount importance.

There is a blog that maintains a list of Wordpress vulnerabilities:

BlogSecurity Blog Archive WordPress BlogWatch (http://blogsecurity.net/wordpress/blogwatch/blogwatch/)

Now I'll never put off upgrading Wordpress ever again :o