|
|
|
|
|
|
by pen2l
4077 days ago
|
|
|
Wordpress is not as insecure as people think, it's only insecure when you start loading unknown plugins and such (which it seems a lot of people do do). My wordpress site has been up for about 4 years without me updating it or doing anything at all to it... and somehow it still hasn't fallen down. |
|
|
If you look back in history, the so-called "WordPress hacks" in the news had nothing to do with a flaw in WordPress. What actually happened was, like in the case of the Media Temple hack, the hacker got access to the MySQL database and obviously all the blog data stored in MySQL was vulnerable. There was never any indication that WordPress was the attack vector when all those big hosts were affected. So what can you learn from that? Don't use shared hosting. Shared hosting was never that reliable in the first place. From my perspective, the shift to VPS was a big leap forward in terms of uptime for most websites/blogs.
Another big problem was the "timthumb" plugin. But from 2004 onward, that was really the only plugin that caused widespread problems for WordPress blogs, as far as I can remember. Yes, some plugins are dangerous and maybe you want a service like sucuri.net if you're really concerned about bad plugins. But bad plugins are rare, IMO.
Also weak passwords, again not a WordPress-specific problem. People using FTP carelessly, I bet that's the issue most of the time.
I'm not saying security is easy, I'm just saying WordPress is generally not the culprit. If there was ever any major hack that made the mainstream news that I missed, please post the link.