[dba-Tech] WordPress Question(s)

Jim Lawrence accessd at shaw.ca
Thu Sep 20 12:58:29 CDT 2018


Hi Arthur:

A number of years ago, I build an interactive WP site and used it for a number of years: "SeriousArt.com" but it started getting hacked and even though my SiL and I spent weeks trying to find how the hackers were getting in, unless we set the system to read-only there was no way to stop them. 

It was discovered to be a serious zero-day flaw in the PHP code design so unless we wanted to re-write the system we were out-of-luck so until the WP design team resolved the issues there was little we could do. The WP team was restrained from fixing the errors quickly as such a change would disable a major portion of the third-party plugins. Our site was setup so Maria could manage a group of musicians and poets for a book she was creating and as the book was completed, we decided the simplest solution was to delete the site and remove the domain. I understand that the hosting giant GoDaddy now owns the domain.

Supposedly, the core errors have since been resolved but my venture into the world of WP blogs did not end on a high note. It should also be noted that most of the third-party two-factor authentication login scripts are flawed so care should be taken when deciding login solutions or plugin...but I had built our own site and was hosting it.

OTOH, if you are only sponsoring a private blog and you change the default WP address/URL, it would be unlikely that any site scanner would discover your private blog. There are also numerous companies along with hosting WP sites, have a number of great templates that fit ninety percent of the needs of most users and with a little graphic, cosmetic and scripting work, a perfect site can be run up with little effort and little expense. 

Jim    

----- Original Message -----
From: "Arthur Fuller" <fuller.artful at gmail.com>
To: "Discussion of Hardware and Software issues" <dba-tech at databaseadvisors.com>
Sent: Thursday, September 20, 2018 4:46:52 AM
Subject: Re: [dba-Tech] WordPress Question(s)

Stuart,

You are quire right. I used the WordPress "Start a blog" button. Perhaps I
should forget about that approach and instead do a regular installation?

On Wed, Sep 19, 2018 at 9:09 PM Stuart McLachlan <stuart at lexacorp.com.pg>
wrote:

> It sounded as thought Arther was not *installng* Wordpress. He apparently
> has created a
> number of Wordpress.com hosted sites.
>
> On 19 Sep 2018 at 8:44, Jim Lawrence wrote:
>
> > Hi Arthur:
> >
> > The questions you are asking could fill a book but...
> >
> > If you want to have a operational Word Press and you haven't installed
> > it before or not for a long time, I would search out a step by step
> > installation guide, follow it and get a basic instance running before
> > getting fancy.
> >
> > Every new install should over-right previously failed installs so that
> > shouldn't be a problem. If your WP, is going to be a forward facing
> > application, with input fields, check out a security guide as there
> > are so many "holes" a scrip kiddie can hack or more accurately walk
> > through.
> >
> > After, everything has been tested then you can start coding in or
> > downloading various GUI layouts along their associated features.
> >
_______________________________________________
dba-Tech mailing list
dba-Tech at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/dba-tech
Website: http://www.databaseadvisors.com


More information about the dba-Tech mailing list