Why WP is a piece of ?

Discussion in 'WordPress' started by ezguy, Apr 25, 2015.

  1. #1
    I had 5 wp sites with good content,

    and all got hacked and filled with spam :(

    what is better than WP ?
     
    ezguy, Apr 25, 2015 IP
  2. billzo

    #2
    Keep in mind that there are a lot of ways to get hacked, including Wordpress plugins and through your hosting account itself. As for "what is better" than Wordpress, it depends on what you want to do. If you are looking for a blogging script or light CMS, you could see this list I found searching Yahoo for "alternatives to wordpress".

    http://www.smashingapps.com/2015/02/20/12-free-cms-alternatives-to-wordpress.html

    You are not guaranteed to never get hacked with any open source script. Are your sites set to auto update to latest security releases?
     
    billzo, Apr 25, 2015 IP
  3. COBOLdinosaur

    #3
    What is better is you learning to write your own code. As long as you use off the shelf crap you open yourself up to security issues, because as soon as a hole is found it gets posted on the hacker sites and thousands of hackers are out attacking every other site using the same software.

    There is no such thing as a site that can't be hacked, but it is a lot easier for hackers when they can download the software for WP, or any other crap collection. If you do your own coding then the hackers do not have the code to explore and play with; to find and exploit a hole. If you think writing your own code is too much work, then you have no clue what real development is. There is nothing easier over the life of a site than having absolute and unlimited control of all aspects of the site during maintenance, fixes and enhancements.
     
    COBOLdinosaur, Apr 25, 2015 IP
  4. jscott99

    #4
    Were you upgrading quickly to all the newest versions of WP? That is important for any CMS.
     
    jscott99, Apr 29, 2015 IP
  5. Road2Sale

    #5
    Hire someone you can trust to fix the security issues - there may be more issues than you think
     
    Road2Sale, Apr 29, 2015 IP
  6. danielbruzual

    #6
    As stated above, you always run the risk of being hacked. However, there are two types of attacks, targeted and generic. If someone specifically attacks you, or one of your sites, and they are persistent enough, they will eventually find a way. Protecting against this is of course more time-consuming.

    The other form of attack, which could be performed by bots looking around for sites made with WP, is easier to protect from. The trouble with open-source software is that once a security bug is found and patched, the information becomes available online, leaving any users that haven't updated exposed to those vulnerabilities. This will be the case with any open-source CMS. It is much easier protecting against this type of attack, just be sure to keep your site up to date, and do regular backups, so in case you do get hacked, you can get back online quickly.
     
    danielbruzual, Apr 29, 2015 IP
  7. deathshadow

    #7
    Generally speaking I've yet to see an off the shelf solution be it CMS like wordpress or Joomla, where security in them was worth a flying purple fish. As @COBOLdinosaur implied, it may be time to man up, put on the big boy pants, and spin your own custom solutions.

    I don't advocate the use of a LOT of the technologies that people are just sleazing together websites any-old-way with, and it really sounds like you are encountering EXACTLY why!

    Even just looking at the front end of the majority of what people crap out using things like turdpress, bootcrap and jQueery is so terrifyingly bad from JUST a HTML standpoint, that you have to question if the people working on the back end are any more skilled than those working on the front-end, and usually it turns out to be WORSE.

    Just look at the outright idiocy Turdpress does of putting the SQL username, password and hostname into DEFINE -- if you don't know what's wrong with that, you're not qualified to CHOOSE a CMS, much less be developing one.

    That said there's a LOT to learn if you're going to spin your own -- it's why so many people just sleaze out existing solutions any old way and blindly hope that it works, sooner than later encountering the exact same problems you are now. In many ways it's the same "I want it now, now, NOW!" mentality you'd more expect from toddlers than adults that leads to other bits of societal idiocy like money-lending. The so called "credit mentality" of "pay more later for something you can't afford now" is NOT a plan for success, even if dipshits like President Odumba calls credit the "Life blood of the economy" -- Peter Schiff is right on that one, it's not the life blood, it's freaking CANCER.

    In that same way unrealistic expectations of development time, unrealistic expectations of how "easy" it's going to be to do, and just plain naive wishful thinking are responsible for why so many websites fail in their first year, and if they do survive never amount to anything more than being an expense, or requiring so much time investment you'd make more money flipping burgers for a living on the same number of hours.

    So again, it might be time to consider moving away from off the shelf solutions, particularly if you are finding yourself to be a popular target.

    THAT SAID, IF you insist on sticking with off the shelf solutions, @jscott99 pointed out something important, STAY UPDATED!!! Every update is basically the same as publishing security flaws, so the longer you go without updating the software the more likely you are to get hacked. This goes for under the hood as well with your PHP versions. Sadly many shared hosts don't update frequently enough out of fear of breaking clients' sites, but failing to do so just leaves those sites open to being hacked!

    Likewise, try to avoid plugins/mods/extensions/whateverThey'reCallingThemThisWeek as if you take the time to look at security vulnerabilities you will find that as of about five or six years ago most of the exploits come not from the core CMS being used, but the plugins. This is due to the fact that most people writing "cool plugins" don't know enough about the internals of the system they are changing much less anything remotely resembling security to be writing said code. That's the "for people who know nothing about websites, BY people who know nothing about websites" idiocy in action.

    You also have to be very careful about third party code that sinks its tendrils too deep into the system, as that can often neuter your upgrade path. A decade ago with phpBB2 it did so little out of the box EVERYONE ran dozens and even hundreds of mods that broke the ability to upgrade it... so naturally when an exploit was found it led to a PERL based worm that exploited GOOGLE and phpBB in sync to take out most any server even hosting phpBB sites; as in the WHOLE server including shared hosting accounts that weren't running phpBB. Then people wonder why I don't think PHP should be allowed to write to .php files.

    On that Wikipedia article, pay close attention to "The phpBB Group had released a patch for the vulnerability a month before the attacks, in phpBB 2.0.11" -- many people couldn't / wouldn't upgrade to that because it broke their plugins/mods/extensions... and that's why to this day I don't trust plugins/mods/extensions in CMS or forum software.

    So you have two real choices, avoid modding off the shelf, or learn enough to spin your own safely. Anything else, and, well, you've already seen what happens!
     
    deathshadow, Apr 29, 2015 IP
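
Post #7 argues that PHP should not be able to write to .php files; on a host, that can be checked by listing the PHP files and directories the web server account is able to modify. The script below is an added example, not part of the thread: the function name `audit_writable_php`, the default account name `www-data` and the site root argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): report PHP files and directories that
# the web server account can modify. "www-data" is an assumed account name.

# audit_writable_php ROOT [WEB_USER]
# Prints one finding per line as "<reason><TAB><path>".
audit_writable_php() {
    root=$1
    web_user=${2:-www-data}   # assumed; may be apache, nginx, or a numeric uid

    # 1. PHP files whose mode grants write to group or others (664, 666, 777).
    find "$root" -type f -name '*.php' \( -perm -020 -o -perm -002 \) \
        -exec printf 'loose-mode\t%s\n' {} \;

    # 2. PHP files owned by the web server account with owner-write set:
    #    any code running as that account can rewrite them.
    find "$root" -type f -name '*.php' -user "$web_user" -perm -200 \
        -exec printf 'web-owned\t%s\n' {} \;

    # 3. Directories that are world-writable or owned (and writable) by the
    #    account: new .php files can be created there even when the existing
    #    files are read-only.
    find "$root" -type d \( -perm -002 -o \( -user "$web_user" -perm -200 \) \) \
        -exec printf 'writable-dir\t%s\n' {} \;
}

# Run against a site root when one is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_writable_php "$@"
fi
```

An empty result means the account serving the site cannot alter its own code; upload or cache directories that must stay writable will show up under `writable-dir` and are the places to make sure PHP execution is disabled.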
  8. NetStar

    #8
    Are you sure you were hacked due to a WordPress vulnerability? If you aren't certain (i.e. know exactly how they did it) then you can't blame WordPress. Also WordPress like any other popular CMS needs to be updated on a regular basis to ensure you are always on the most stable and safest version.

    As for spinning your own solutions... I advise against it. If it's just a blog or a "simple" web site you are creating WordPress is absolutely fine. No sense in spending countless hours/days/weeks/months/years developing a backend system to do exactly what existing systems do. Being a smart developer is knowing when there is a need to develop and when there isn't.

    As for deathshadow's post about jQuery etc. I can agree....but I also think some of the fancy schmancy not needed crap/bloat can absolutely enhance the viewers experience.. Therefore I am a fan when it's used within reason.
     
    NetStar, Apr 29, 2015 IP
  9. deathshadow

    #9
    Quite true -- there are other points that may have been the hole like compromised FTP or even another account on shared hosting; or as I said it might not be WP itself so much as a plugin/mod/extension/whatever that was added to it. Again you look through the CVE list for WordPress you'll notice that pretty much ALL of them for the past five years say "plugin" this or "plugin" that or "plugin" some other damned thing! It's why I mentioned plugins so heavily and why I have a distrust of them.

    Though with turdpress' utter and complete lack of internal security practices, once you have a hole in a plugin allowing code elevation, you pretty much have the keys to the whole kingdom which is why when WP gets pwned, it gets utterly and completely pwned to the point you REALLY better hope you make regular backups! Also why I'm NOT a fan of live content editing/addition or worse code editing online for static parts of a site, you download, edit and upload you automatically have a backup!

    Hence why WordPress was awarded that pwnie for M4ss 0wnage back in 2008 -- it's made great strides since then on hardening the shell -- particularly from 3.x onward -- but it's still a scrambled mess inside that shell hence why like EVERY other 'off the shelf' solution I would NOT be comfortable with suggesting that ANYONE use them for anything more serious than a blog for grandma. That ANYONE would be ignorant enough, dumb enough, or gullible enough to use ANY of them for a real business website connects a 500 PSI air supply to one of my ears to blow my brains out the other side. ABSOLUTELY mind-blowing... but as I've said NEVER underestimate the wishful thinking of the average person who wants a website without knowing what that really entails if you want to be anything more than "also ran" status.

    But often that comes down to "are you running a serious business with proper planning and financial expectations, or are you just sleazing it out fast to try and make a quick buck like you were participating in a late-night TV make money fast scam?"

    To me crapping together off the shelf templates in off the shelf CMS in utter and complete ignorance of what HTML is, what CSS is, why they exist and what a website is supposed to be for falls squarely in that latter category of the "make money fast" scam artist BS.
     
    Last edited: Apr 29, 2015
    deathshadow, Apr 29, 2015 IP