Results 1 to 21 of 21
  1. #1

    Should I go the WordPress route?

    I have a site that is a high risk site that faces multiple security threats. Wordpress would be ideal for this site BUT I am worried that we will get hacked. Should I stick to a simple HTML old school page instead of going the CMS route? Or can Wordpress be hardened?
      0 Not allowed!

  2. #2
    Join Date
    May 2004
    Location
    Pflugerville, TX
    Posts
    11,231
    Wordpress is as secure as you make it. If you leave it as-is out of the box, it is hackable through brute force. If you take a little time to nail it down tight, it can be an extremely secure application.

    http://codex.wordpress.org/Hardening_WordPress - this will get you under way.

    There are other articles and plug-ins that assist too. In all, an extra 30 minutes right before launch will make all the difference in the world. I would not throw out Wordpress based on security concerns.
    Studio1337___̴ı̴̴̡̡̡ ̡͌l̡̡̡ ̡͌l̡*̡̡ ̴̡ı̴̴̡ ̡̡͡|̲̲̲͡͡͡ ̲▫̲͡ ̲̲̲͡͡π̲̲͡͡ ̲̲͡▫̲̲͡͡ ̲|̡̡̡ ̡ ̴̡ı̴̡̡ ̡͌l̡̡̡̡.__Web Design
      0 Not allowed!

  3. #3
    Join Date
    Dec 2005
    Location
    Finland
    Posts
    1,471
    WordPress can be hardened. You can also increase security by hiding the actual site behind proxies or services such as Cloudflare. Or use a WordPress hosting service that takes care of (certain parts of) security. There's even the possibility to grab a HTML copy of your WordPress-based site, and let the users browse that.

    However, this kind of question does give me a bit of an uneasy feeling. Do you know what you're getting into? If you're just getting started with WordPress a high-risk site doesn't seem like a good first project.
      0 Not allowed!

  4. #4
    Well I won't lie I never had to deal with a high risk site before and I am new to hardening. My problem is that I have little choice put to throw this site on wordpress since they are thousands of pages. It would take me forever to convert this site to a new template if I didn't go down the wordpress route.
      0 Not allowed!

  5. #5
    Excellent information on hardening. I run hundreds of websites and many of them use wordpress. Best thing I found was to ensure you always update WP to the latest version and update your plugins to avoid any obvious loopholes.
      0 Not allowed!

  6. #6
    WordPress is secure as far as you take necessary security measures. Also, it is essential that you keep your installation, plugins, themes up to date. You can also follow their guideline to prevent brute force attacks:

    http://codex.wordpress.org/Brute_Force_Attacks
    || Web Hosting Blog - Web Hosting security & latest web hosting industry Announcements
    || Web Hosting Discussion - A Web Hosting community
      0 Not allowed!

  7. #7
    Join Date
    Mar 2010
    Posts
    55
    Another factor to consider when building on WordPress is the theme you are using. Use a reliable framework such as Genesis or Woo and then build a child theme. It makes upgrading the framework much easier. I use Genesis and have never had any issues. However, I have taken over some sites for a few customers that were using out of date free themes and their sites were hacked. Once a few security measures were put in place and I implemented Genesis with a child theme they were fine. Best of luck.
    Shapiro Web Design
    shapirowebdesign.com
    affordable custom websites
      0 Not allowed!

  8. #8
    Join Date
    Dec 2005
    Location
    Finland
    Posts
    1,471
    Quote Originally Posted by UnitedPakistan View Post
    My problem is that I have little choice put to throw this site on wordpress since they are thousands of pages. It would take me forever to convert this site to a new template if I didn't go down the wordpress route.
    Are you required to use WordPress? If you just need a CMS there are other good choices. Some more secure than WordPress out-of-the-box, but you need to do the research.

    Jmshap makes a good point. If you want a secure site, you can't buy parts from some random dude on the internets. I'm using iThemes Builder and StudioPress Genesis.

    If you need WordPress security tips, try to search WHT. There's a new thread every week.
      0 Not allowed!

  9. #9
    Join Date
    Sep 2013
    Posts
    182
    It depends on what you are using it for. It is well supported and backed by a large community.
      0 Not allowed!

  10. #10
    Join Date
    Apr 2013
    Location
    Data center
    Posts
    541
    Just do not use low-rated wp plugins. Most websites get hacked due to vulnerabilities in plugins
      0 Not allowed!

  11. #11
    Join Date
    Oct 2013
    Posts
    53
    Would all this advice regarding WP being secure be the same for an ecommerce site?
      0 Not allowed!

  12. #12
    Join Date
    Mar 2010
    Posts
    55
    Definitely. If you are using a plug in for ecommerce make sure it is a reliable one and that you keep up on security updates.
    Shapiro Web Design
    shapirowebdesign.com
    affordable custom websites
      0 Not allowed!

  13. #13
    Join Date
    Oct 2013
    Posts
    53
    Quote Originally Posted by jmshap View Post
    Definitely. If you are using a plug in for ecommerce make sure it is a reliable one and that you keep up on security updates.
    Thanks! I'll do that.
      0 Not allowed!

  14. #14
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    14,135
    Wordpress might work, but it'd probably be a better idea to setup your own custom system. Take some time, put it together right, you'll have all kinds of fun with it, and learn stuff
    Tom Whiting, WHMCS Guru extraordinaire
    Linux problems? WHMCS Problems? Give me a shout
    Check out my WHMCS Addons
      0 Not allowed!

  15. #15
    Join Date
    Dec 2005
    Location
    Finland
    Posts
    1,471
    Quote Originally Posted by twhiting9275 View Post
    Wordpress might work, but it'd probably be a better idea to setup your own custom system. Take some time, put it together right, you'll have all kinds of fun with it, and learn stuff
    That's not a good idea, unless OP is an experienced web programmer with a lot of time to spend on the project.
      0 Not allowed!

  16. #16
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    14,135
    Quote Originally Posted by nettiapina View Post
    That's not a good idea, unless OP is an experienced web programmer with a lot of time to spend on the project.
    says the person flaunting wordpress in their sig.
    The reality is that yes, it will take some time, but in the end, it will be less vulnerable to attack (unless you have a horribly designed system), less resource intense, and it will be what YOU want.

    It really doesn't take that long to put up something using CodeIgnitor, from what I've seen. You own the system, you can change it as you like, and you know it WORKS
      0 Not allowed!

  17. #17
    Join Date
    Dec 2005
    Location
    Finland
    Posts
    1,471
    Quote Originally Posted by twhiting9275 View Post
    says the person flaunting wordpress in their sig.
    The reality is that yes, it will take some time, but in the end, it will be less vulnerable to attack (unless you have a horribly designed system), less resource intense, and it will be what YOU want.

    It really doesn't take that long to put up something using CodeIgnitor, from what I've seen. You own the system, you can change it as you like, and you know it WORKS
    The person who flaunts WordPress in their sig seems to know more about web development principles and business than you. Scary, ain't it?

    If OP really is experienced web developer, the resulting system might be less vulnerable to an attack. If he's just another average user he's probably way worse off, because he'll end up with a horribly designed system with all sorts of simple rookie mistakes.

    When you code your own system, you indeed know all the code. Unless you have a team of coders you're probably blind to your own bugs and vulnerabilities. If you have users other than yourself they're often demanding all sorts of silly stuff like "visual editor" and "logical admin interface". There's a point when you probably don't have time to develop your precious system any more - unless your hobby or business is to develop a CMS, but that's not the scenario here. It's nice to have other developers taking the system forward, and tackling all sort of stuff you don't want to.

    I've moved more than a dozen sites from home-baked systems to WordPress. I'm the first to admit that there were no performance gains to be had, but it was purely for business reasons.

    I'm not sure how you can even think that "code your own" is generally a good advice. It is not from any angle I can think of.


    ADDED: Sometimes custom coding the website is the best idea. I'm not trying to deny that. The basic website isn't often that different from the next one, so there's probably an open source CMS around that will do just fine.
    Last edited by nettiapina; 10-20-2013 at 01:27 AM.
      0 Not allowed!

  18. #18
    Join Date
    Mar 2013
    Posts
    1,328
    WordPress in itself is secure, the problem is what you plug into it.
    Always search how secure a plugin is beforehand.
      0 Not allowed!

  19. #19
    Custom coding is a good idea if you have a small feature list , if the service needs to be at enterprise level you'll waste weeks to get a good product out.

    As for high security I highly recommend Drupal.
      0 Not allowed!

  20. #20
    In most cases, wordpress is recommended as it is easy not only for the developer but also for the clients.

    However, be sure to update regularly the wordpress core and plugins.

    Also use proper caching as wordpress can sometimes be slow.
      0 Not allowed!

  21. #21
    WordPress is semi-good with security i'd recommend changing the wp-admin path and adding some security in .htaccess and making sure the plugins you use are NOT Vulnerable
      0 Not allowed!

Similar Threads

  1. 100/yr WordPress Hosting - Free Setup, Themes, Plugins - WordPress Hero
    By solarbluseth in forum Shared Hosting Offers
    Replies: 0
    Last Post: 09-04-2013, 11:46 AM
  2. Replies: 0
    Last Post: 05-02-2013, 01:21 PM
  3. Searching best route do brazil: low ping, good route
    By dudaefj in forum Dedicated Server
    Replies: 17
    Last Post: 09-09-2012, 02:05 AM
  4. Replies: 5
    Last Post: 07-06-2011, 11:10 AM
  5. Replies: 9
    Last Post: 11-19-2010, 11:54 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •