[jacob019]

pre-alpha, bummer. Over the years I've had quite a few friends and family ask me to arrange hosting of their wordpress sites. Generally I refuse because wordpress has a long history of security problems. An alternate interpreter with sandboxed execution could solve a lot.

[1337shadow]

I thought wordpress had solved their problem with auto updates ? Not sure if that helps against poorly written third party plugins however. .. https://codex.wordpress.org/Configuring_Automatic_Background...

This makes hosting php a rather pleasant experience for me: https://uwsgi-docs.readthedocs.io/en/latest/PHP.html

[nickpsecurity]

A lot of us had same idea as you without time to rewrite it. Looking for alternatives, I found one done in Java:

http://quercus.caucho.com/

[nkozyra]

I don't see what it fixes. You're just replacing an interpreter and in all likelihood bundling a web server.

PHP 7 is a pretty solid language. I don't like WordPress at all, but there's so much cruft, legacy nonsense and plugin garbage that you won't win that battle.

[jacob019]

well obviously we won't win the performance battle, and it may be impossible to protect the database and user data, but sandboxed execution with a virtual filesystem could protect the overall system, keep it from joining botnets and sending spam, etc.

[nkozyra]

Ok, but think about how many other ways you could fix that by wrapping battle tested interpreters.