Results 1 to 21 of 21
Thread: Should I go the WordPress route?
-
10-16-2013, 02:12 PM #1Junior Guru
- Join Date
- Apr 2005
- Posts
- 218
Should I go the WordPress route?
I have a site that is a high risk site that faces multiple security threats. Wordpress would be ideal for this site BUT I am worried that we will get hacked. Should I stick to a simple HTML old school page instead of going the CMS route? Or can Wordpress be hardened?
0
-
10-16-2013, 02:38 PM #2Retired Moderator
- Join Date
- May 2004
- Location
- Pflugerville, TX
- Posts
- 11,231
Wordpress is as secure as you make it. If you leave it as-is out of the box, it is hackable through brute force. If you take a little time to nail it down tight, it can be an extremely secure application.
http://codex.wordpress.org/Hardening_WordPress - this will get you under way.
There are other articles and plug-ins that assist too. In all, an extra 30 minutes right before launch will make all the difference in the world. I would not throw out Wordpress based on security concerns.Studio1337___̴ı̴̴̡̡̡ ̡͌l̡̡̡ ̡͌l̡*̡̡ ̴̡ı̴̴̡ ̡̡͡|̲̲̲͡͡͡ ̲▫̲͡ ̲̲̲͡͡π̲̲͡͡ ̲̲͡▫̲̲͡͡ ̲|̡̡̡ ̡ ̴̡ı̴̡̡ ̡͌l̡̡̡̡.__Web Design0
-
10-16-2013, 10:41 PM #3Web Monkey
- Join Date
- Dec 2005
- Location
- Finland
- Posts
- 1,471
WordPress can be hardened. You can also increase security by hiding the actual site behind proxies or services such as Cloudflare. Or use a WordPress hosting service that takes care of (certain parts of) security. There's even the possibility to grab a HTML copy of your WordPress-based site, and let the users browse that.
However, this kind of question does give me a bit of an uneasy feeling. Do you know what you're getting into? If you're just getting started with WordPress a high-risk site doesn't seem like a good first project.0
-
10-17-2013, 01:14 AM #4Junior Guru
- Join Date
- Apr 2005
- Posts
- 218
Well I won't lie I never had to deal with a high risk site before and I am new to hardening. My problem is that I have little choice put to throw this site on wordpress since they are thousands of pages. It would take me forever to convert this site to a new template if I didn't go down the wordpress route.
0
-
10-17-2013, 01:35 AM #5New Member
- Join Date
- Nov 2011
- Posts
- 4
Excellent information on hardening. I run hundreds of websites and many of them use wordpress. Best thing I found was to ensure you always update WP to the latest version and update your plugins to avoid any obvious loopholes.
0
-
10-17-2013, 01:53 AM #6Web Hosting Master
- Join Date
- Jan 2008
- Posts
- 1,204
WordPress is secure as far as you take necessary security measures. Also, it is essential that you keep your installation, plugins, themes up to date. You can also follow their guideline to prevent brute force attacks:
http://codex.wordpress.org/Brute_Force_Attacks|| Web Hosting Blog - Web Hosting security & latest web hosting industry Announcements
|| Web Hosting Discussion - A Web Hosting community0
-
10-17-2013, 10:12 AM #7Junior Guru Wannabe
- Join Date
- Mar 2010
- Posts
- 55
Another factor to consider when building on WordPress is the theme you are using. Use a reliable framework such as Genesis or Woo and then build a child theme. It makes upgrading the framework much easier. I use Genesis and have never had any issues. However, I have taken over some sites for a few customers that were using out of date free themes and their sites were hacked. Once a few security measures were put in place and I implemented Genesis with a child theme they were fine. Best of luck.
0
-
10-17-2013, 10:35 PM #8Web Monkey
- Join Date
- Dec 2005
- Location
- Finland
- Posts
- 1,471
Are you required to use WordPress? If you just need a CMS there are other good choices. Some more secure than WordPress out-of-the-box, but you need to do the research.
Jmshap makes a good point. If you want a secure site, you can't buy parts from some random dude on the internets. I'm using iThemes Builder and StudioPress Genesis.
If you need WordPress security tips, try to search WHT. There's a new thread every week.0
-
10-19-2013, 10:57 AM #9Junior Guru
- Join Date
- Sep 2013
- Posts
- 182
It depends on what you are using it for. It is well supported and backed by a large community.
0
-
10-19-2013, 11:05 AM #10Web Hosting Evangelist
- Join Date
- Apr 2013
- Location
- Data center
- Posts
- 541
Just do not use low-rated wp plugins. Most websites get hacked due to vulnerabilities in plugins
0
-
10-19-2013, 12:20 PM #11Junior Guru Wannabe
- Join Date
- Oct 2013
- Posts
- 53
Would all this advice regarding WP being secure be the same for an ecommerce site?
0
-
10-19-2013, 12:41 PM #12Junior Guru Wannabe
- Join Date
- Mar 2010
- Posts
- 55
Definitely. If you are using a plug in for ecommerce make sure it is a reliable one and that you keep up on security updates.
0
-
10-19-2013, 01:06 PM #13Junior Guru Wannabe
- Join Date
- Oct 2013
- Posts
- 53
0
-
10-19-2013, 02:02 PM #14
Wordpress might work, but it'd probably be a better idea to setup your own custom system. Take some time, put it together right, you'll have all kinds of fun with it, and learn stuff
Tom Whiting, WHMCS Guru extraordinaire
Linux problems? WHMCS Problems? Give me a shout
Check out my WHMCS Addons0
-
10-19-2013, 10:14 PM #15Web Monkey
- Join Date
- Dec 2005
- Location
- Finland
- Posts
- 1,471
0
-
10-20-2013, 12:12 AM #16
says the person flaunting wordpress in their sig.
The reality is that yes, it will take some time, but in the end, it will be less vulnerable to attack (unless you have a horribly designed system), less resource intense, and it will be what YOU want.
It really doesn't take that long to put up something using CodeIgnitor, from what I've seen. You own the system, you can change it as you like, and you know it WORKS0
-
10-20-2013, 01:16 AM #17Web Monkey
- Join Date
- Dec 2005
- Location
- Finland
- Posts
- 1,471
The person who flaunts WordPress in their sig seems to know more about web development principles and business than you. Scary, ain't it?
If OP really is experienced web developer, the resulting system might be less vulnerable to an attack. If he's just another average user he's probably way worse off, because he'll end up with a horribly designed system with all sorts of simple rookie mistakes.
When you code your own system, you indeed know all the code. Unless you have a team of coders you're probably blind to your own bugs and vulnerabilities. If you have users other than yourself they're often demanding all sorts of silly stuff like "visual editor" and "logical admin interface". There's a point when you probably don't have time to develop your precious system any more - unless your hobby or business is to develop a CMS, but that's not the scenario here. It's nice to have other developers taking the system forward, and tackling all sort of stuff you don't want to.
I've moved more than a dozen sites from home-baked systems to WordPress. I'm the first to admit that there were no performance gains to be had, but it was purely for business reasons.
I'm not sure how you can even think that "code your own" is generally a good advice. It is not from any angle I can think of.
ADDED: Sometimes custom coding the website is the best idea. I'm not trying to deny that. The basic website isn't often that different from the next one, so there's probably an open source CMS around that will do just fine.Last edited by nettiapina; 10-20-2013 at 01:27 AM.
0
-
10-20-2013, 06:54 AM #18Web Hosting Master
- Join Date
- Mar 2013
- Posts
- 1,328
WordPress in itself is secure, the problem is what you plug into it.
Always search how secure a plugin is beforehand.0
-
10-20-2013, 07:13 AM #19Junior Guru
- Join Date
- Mar 2011
- Posts
- 199
Custom coding is a good idea if you have a small feature list , if the service needs to be at enterprise level you'll waste weeks to get a good product out.
As for high security I highly recommend Drupal.0
-
10-21-2013, 12:41 AM #20Disabled
- Join Date
- Dec 2007
- Posts
- 59
In most cases, wordpress is recommended as it is easy not only for the developer but also for the clients.
However, be sure to update regularly the wordpress core and plugins.
Also use proper caching as wordpress can sometimes be slow.0
-
10-21-2013, 02:28 AM #21Newbie
- Join Date
- Aug 2013
- Posts
- 10
WordPress is semi-good with security i'd recommend changing the wp-admin path and adding some security in .htaccess and making sure the plugins you use are NOT Vulnerable
0
Similar Threads
-
100/yr WordPress Hosting - Free Setup, Themes, Plugins - WordPress Hero
By solarbluseth in forum Shared Hosting OffersReplies: 0Last Post: 09-04-2013, 11:46 AM -
Mariehosting - WordPress Hosting $100 - Expert Support From WordPress Developers
By solarbluseth in forum Shared Hosting OffersReplies: 0Last Post: 05-02-2013, 01:21 PM -
Searching best route do brazil: low ping, good route
By dudaefj in forum Dedicated ServerReplies: 17Last Post: 09-09-2012, 02:05 AM -
Does installing wordpress on root of vps enables wordpress on child hosting accounts
By Kabindra Bakey in forum VPS HostingReplies: 5Last Post: 07-06-2011, 11:10 AM -
Need: Logo, HTML to Wordpress, Wordpress+Kayako+WHMCS+vBulletin Integration
By Karl_CLOOK in forum Design RequestsReplies: 9Last Post: 11-19-2010, 11:54 AM