[dba-Tech] WordPress Question(s)

Peter Brawley peter.brawley at earthlink.net
Thu Sep 20 19:43:48 CDT 2018


On 9/20/2018 12:58, Jim Lawrence wrote:
> Hi Arthur:
>
> A number of years ago, I build an interactive WP site and used it for a number of years: "SeriousArt.com" but it started getting hacked and even though my SiL and I spent weeks trying to find how the hackers were getting in, unless we set the system to read-only there was no way to stop them.
>
> It was discovered to be a serious zero-day flaw in the PHP code design

... and some such are still there, 
https://thehackernews.com/2016/12/php-7-update.html.

PB

-----

>   so unless we wanted to re-write the system we were out-of-luck so until the WP design team resolved the issues there was little we could do. The WP team was restrained from fixing the errors quickly as such a change would disable a major portion of the third-party plugins. Our site was setup so Maria could manage a group of musicians and poets for a book she was creating and as the book was completed, we decided the simplest solution was to delete the site and remove the domain. I understand that the hosting giant GoDaddy now owns the domain.
>
> Supposedly, the core errors have since been resolved but my venture into the world of WP blogs did not end on a high note. It should also be noted that most of the third-party two-factor authentication login scripts are flawed so care should be taken when deciding login solutions or plugin...but I had built our own site and was hosting it.
>
> OTOH, if you are only sponsoring a private blog and you change the default WP address/URL, it would be unlikely that any site scanner would discover your private blog. There are also numerous companies along with hosting WP sites, have a number of great templates that fit ninety percent of the needs of most users and with a little graphic, cosmetic and scripting work, a perfect site can be run up with little effort and little expense.
>
> Jim
>
> ----- Original Message -----
> From: "Arthur Fuller" <fuller.artful at gmail.com>
> To: "Discussion of Hardware and Software issues" <dba-tech at databaseadvisors.com>
> Sent: Thursday, September 20, 2018 4:46:52 AM
> Subject: Re: [dba-Tech] WordPress Question(s)
>
> Stuart,
>
> You are quire right. I used the WordPress "Start a blog" button. Perhaps I
> should forget about that approach and instead do a regular installation?
>
> On Wed, Sep 19, 2018 at 9:09 PM Stuart McLachlan <stuart at lexacorp.com.pg>
> wrote:
>
>> It sounded as thought Arther was not *installng* Wordpress. He apparently
>> has created a
>> number of Wordpress.com hosted sites.
>>
>> On 19 Sep 2018 at 8:44, Jim Lawrence wrote:
>>
>>> Hi Arthur:
>>>
>>> The questions you are asking could fill a book but...
>>>
>>> If you want to have a operational Word Press and you haven't installed
>>> it before or not for a long time, I would search out a step by step
>>> installation guide, follow it and get a basic instance running before
>>> getting fancy.
>>>
>>> Every new install should over-right previously failed installs so that
>>> shouldn't be a problem. If your WP, is going to be a forward facing
>>> application, with input fields, check out a security guide as there
>>> are so many "holes" a scrip kiddie can hack or more accurately walk
>>> through.
>>>
>>> After, everything has been tested then you can start coding in or
>>> downloading various GUI layouts along their associated features.
>>>
> _______________________________________________
> dba-Tech mailing list
> dba-Tech at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/dba-tech
> Website: http://www.databaseadvisors.com
> _______________________________________________
> dba-Tech mailing list
> dba-Tech at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/dba-tech
> Website: http://www.databaseadvisors.com
>



More information about the dba-Tech mailing list