WordPress ‘security issues’ – help please

  • I’ve just come across an organisation which won’t commission a WordPress based site because they’re under the impression that it has ‘security issues’ and is vulnerable to hackers. To my mind, any website (and anything which can be accessed via a username and password, like all FTP sites) is vulnerable to hackers and the only serious hacks I’ve come across have related to non-WordPress sites. But I’d be really interested to hear how you’d respond to this organisation.

  • You need to inquire over at http://wordpress.ORG/support/ . This is for the free-hosting service, wordpress.COM.

  • Since you did ask at wordpress.com, http://wordpress.com/vip-hosting/ might be relevant. Security is one of the reasons our VIP customers choose wordpress.com.

  • OK, thanks. I’ll post there. Please feel free to delete this. And I’ll take a look at VIP hosting.

  • ‘You may be a good candidate for VIP hosting if, for example, you get more than 500,000 pageviews a month on your blog. Pricing begins at $500/month per blog with a one-time setup fee of $600’

    Nope, not a candidate for VIP hosting (he said, before getting deleted!) Seems I’ll have to live with the security issues…damn.

  • The latest version of WordPress (2.6.2) is very secure according to all reports. If you are looking for hosting, check out the hosts listed at http://wordpress.org/hosting/ .

  • OK, thanks again – it had better be, see http://www.number10.gov.uk/ !

  • Are they still stealing that guy’s design and not crediting him? I saw Dizzy did a piece on it. It’s not a custom design if you don’t even bother renaming the image files.

    Depending on what you need, it might be an option to host it here with WP.com without VIP hosting. WP.com is extraordinarily secure, but it’s not for everyone: no paid advertising, no Flash or Javascript, no plugins, only about 100 themes and if you want a custom design you have to write it yourself using Sandbox and the paid CSS upgrade.

    Still, the benefits are solid and include major SEO bonuses built right in.

  • @sijambo, going back to your original post, are there any platforms similar to WordPress that the organization considers more secure?

  • @ Raincoaster – I believe Dizzy and the outfit that did the site came to some sort of agreement. No. 10 wouldn’t go for ‘this site designed by…’ links on their home page (or anywhere else for that matter).

    @ Andrew – they didn’t really do much research at all and certainly aren’t particularly web savvy. I suspect a non-WordPress using web designer decided to put the frighteners on them, as we say here in the UK. One of the most serious hacks locally was of this site: http://www.westberks.gov.uk which was diverted to a site in Eastern Europe one weekend. That site certainly isn’t WP driven.

  • Well, the only time I’ve heard of a WP.COM site getting hacked was when some moran used a password like “password” and they got in that way. In the 2.75 years I’ve been here it’s withstood an awful lot of attacks, but I haven’t heard of a software-based attack that’s hijacked somebody’s blog here. And they don’t allow Flash and Javascript, so they won’t have the vulnerabilities an independent site or blogger or Myspace would.

  • “won’t commission a WordPress based site because they’re under the impression that it has ‘security issues’ and is vulnerable to hackers.”

    Ask them for a Joomla or phpBB install. If they agree they are clueless so if you can, take your money elsewhere.

    If they say No, ask them for absolute specifics on WordPress so you can spread the word to the wider WordPress community and to other hosts as it is important that people know about security issues. If they don’t tell you, take your money elsewhere.

    If they say Yes and give you a list, post it in the .org forums, watch what they saw be ripped apart and then take your money elsewhere.

    There’s a pattern here :)

  • Thanks Mark. No doubt other non-WordPress web developers are/will be spreading malicious rumours about WordPress to ensure that they are hired. I wonder if it would be helpful for WP to put together a definitive statement on this that could be used by those of us who are promoting the use of WordPress?

    I’m not a professional web developer, but I use WP for a number of websites related to community groups, my son’s school and so on. Using WP, particularly over recent months, has been a revelation. I want to be able to continue to use my existing WP sites/blogs safely and I also want to encourage others to exploit the platform’s potential. Having something I could show to them – written in plain English with no tech speak (even ‘hack’ should be avoided, I think).

    On a specific point: presumably if someone changes a blog, either by cracking the user name/password, or by hacking directly into the code somehow (be patient with me, I am not a techie!) the RSS feed will always pick up the change? Is it possible to get the feed to generate an email and/or text message so that users can be alerted to changes, particularly when they aren’t expecting them? If not, it would be a very useful facility if it could be set up.

  • The feed would not change, no. You can get wider information at http://wordpress.org/support on security though and there are a few people who can check installs and advise more specifically.

    As for a definitive statement – those you came across are in the minority so it’s not really needed.

  • OK, thanks again and point taken re. the statement. I guess it would also be a hostage to fortune and raise lots of legal issues.

  • The topic ‘WordPress ‘security issues’ – help please’ is closed to new replies.