Hi All, I am planning to use WORDPRESS for a very huge website.(Lets say - 1,00,000 pages) I would like to know if WordPress is more prone to hacking issues. If you are using WordPress, can you please update me with the security issues you faced off-the-late. Also if you are a BIG site (using WordPress & having thousands of posts) owner, please advise on whether I should go ahead using WordPress for a huge site ? Will there be any performance problems or related problems ?
WordPress offers lots of updates as soon as they spot a vulnerability and fix it. As long as you adhere to typical security configurations and update WP when they are released you should be ok. WP can be used for any size of site though if you don't have things configured right you could experience lag. For a site your size I'd assume you are planning to use a dedicated server?
I've had no problem with WordPress hacking, but I've seen a few sites that got hacked simply because they were not upgraded to the latest version. WordPress is a pretty solid platform as long as you keep up with the updates. CNN and Wall Street Journal are just two of the big shots running their sites on WP.
Yes you need to keep a track on software upgradation. Since WP is very popular it gets much more attention of hackers than required. WSJ and CNN blogs are on WP not the whole site.
The fact that these two are *not* using other blogging platforms should tell us something about WP's technical worthiness when set up properly. No CMS is totally secure, unless God himself created one. WP is close to godliness. Let me add this -- so far my experience in cleaning up a hacked WordPress site has been relatively easy as long as you have your database backed up regularly. Most of the time they were not done to deface the site, but rather creating illegal backlinks to the hacker's site. I've seen worse things happen to Joomla and Mambo where script injections are concerned, those things were totally transformed.
WordPress is not so secure...it can be bruteforced cuz it tells if the username is wrong (if so anotehr can be tried) or the password is...so use this plugin: http://www.bad-neighborhood.com/login-lockdown.html as it can stop bruteforce attacks...
You have to really really be diligent with the upgrades whenever they come out, which is so bloody often that I am now slowly migrating all my sites to Drupal. I have had websites that I upgraded to the latest WP version and still got hacked, and only the WP sites on the server got hacked! For such a big site as you're planning I would be tempted to go with something besides WP, but at the end it's all a matter of your personal preference.
But from where are you getting templates (themes) for Drupal ? I did not find even one outstanding template so far for Drupal.
Well, this seems to be the biggest gripe against Drupal, that it doesn't have many themes. I tend to disagree. My top places for themes are the drupal website http://drupal.org, http://www.roopletheme.com/, and http://themegarden.org. If I don't find a theme I like, I have two approaches: Either I take one of the themes from these websites and modify them to my needs by playing with the css, or I create my own themes, either porting them into Drupal or creating them from scratch. Starting from the Zen theme it is easy to create your own theme. Ofcourse you can pay someone to create the theme for you also. I think Drupal is well worth the effort, for the power, functionality and stability I get I don't mind going the extra mile for the theme
Even I was more interested in Drupal only. But then, I heard an issue. Drupal can support high number of guest visitors. However, if more members login, then there is no performance optimization and so it may run the server down due to heavy load. I don't know it's true or not. But I got this feedback from a Drupal user. I was trying to create a user community. So I had to think twice, because I may have 1000 members logging in at same time. Also I was interested to use vBulletin as forum instead of Drupal's below-par forum. I thought integration of Drupal & vBulletin is a tricky one (I know there are some solutions like vBdrupal, but I don't like them).
I'm using WordPress for a long time but I never had a hacking issue yet. WordPress has just problem with CPU Usage. If you have more than 100.000 pages, I don't suggest you VPS, go and start with a Dedicated Server.
Members should not be registering twice. This is the main one. When I checked out WPMU last time, I heard it was too buggy to use. I am not sure if the situation has changed now.
iN the begining i was facing spam comments but now it has be solved by using plugin akismet. Hve strong password so no one can hack ur blog. and change on frequent base
use a different username and delete the admin one... and use a different prefix for your db can also help.. you can also use the WordPress Exploit Scanner plugin