[dba-Tech] WordPress Question(s)

Peter Brawley peter.brawley at earthlink.net
Sat Sep 22 11:28:19 CDT 2018


Jim,

On 9/21/2018 1:52, Jim Lawrence wrote:
> There may still be some active zero day bugs in the WP system but the article you presented was from 2016, so hopefully things have improved in two years.

As Stuart's link 
(https://www.theregister.co.uk/2018/09/21/wordpress_flaws_attacked/) 
illustrates, scammers & hackers rely on such hopefulness, with much 
success.

PHP release x.y+1 may plug vulnerabilities in PHP x.y, but PHP x.y won't 
disappear. Many hosting providers offer PHP version choice, sometimes 
back to 4.x. WP is often used mainly because the user thinks she has 
better things to do than attend to low-level details like PHP version 
upgrades. Indeed that fact contributes to WP being an attractive target 
for hackers.

PB



>
> Jim
>
> ----- Original Message -----
> From: "peter brawley" <peter.brawley at earthlink.net>
> To: "Discussion of Hardware and Software issues" <dba-tech at databaseadvisors.com>
> Sent: Thursday, September 20, 2018 5:43:48 PM
> Subject: Re: [dba-Tech] WordPress Question(s)
>
> On 9/20/2018 12:58, Jim Lawrence wrote:
>> Hi Arthur:
>>
>> A number of years ago, I built an interactive WP site and used it for a number of years: "SeriousArt.com" but it started getting hacked and even though my SiL and I spent weeks trying to find how the hackers were getting in, unless we set the system to read-only there was no way to stop them.
>>
>> It was discovered to be a serious zero-day flaw in the PHP code design
> ... and some such are still there,
> https://thehackernews.com/2016/12/php-7-update.html.
>
> PB
>
> -----
>
>> so unless we wanted to re-write the system we were out-of-luck so until the WP design team resolved the issues there was little we could do. The WP team was restrained from fixing the errors quickly as such a change would disable a major portion of the third-party plugins. Our site was set up so Maria could manage a group of musicians and poets for a book she was creating and as the book was completed, we decided the simplest solution was to delete the site and remove the domain. I understand that the hosting giant GoDaddy now owns the domain.
>>
>> Supposedly, the core errors have since been resolved but my venture into the world of WP blogs did not end on a high note. It should also be noted that most of the third-party two-factor authentication login scripts are flawed so care should be taken when deciding login solutions or plugin...but I had built our own site and was hosting it.
>>
>> OTOH, if you are only sponsoring a private blog and you change the default WP address/URL, it would be unlikely that any site scanner would discover your private blog. There are also numerous companies that, along with hosting WP sites, have a number of great templates that fit ninety percent of the needs of most users and with a little graphic, cosmetic and scripting work, a perfect site can be run up with little effort and little expense.
>>
>> Jim
>>
>> ----- Original Message -----
>> From: "Arthur Fuller" <fuller.artful at gmail.com>
>> To: "Discussion of Hardware and Software issues" <dba-tech at databaseadvisors.com>
>> Sent: Thursday, September 20, 2018 4:46:52 AM
>> Subject: Re: [dba-Tech] WordPress Question(s)
>>
>> Stuart,
>>
>> You are quite right. I used the WordPress "Start a blog" button. Perhaps I
>> should forget about that approach and instead do a regular installation?
>>
>> On Wed, Sep 19, 2018 at 9:09 PM Stuart McLachlan <stuart at lexacorp.com.pg>
>> wrote:
>>
>>> It sounded as though Arthur was not *installing* Wordpress. He apparently
>>> has created a
>>> number of Wordpress.com hosted sites.
>>>
>>> On 19 Sep 2018 at 8:44, Jim Lawrence wrote:
>>>
>>>> Hi Arthur:
>>>>
>>>> The questions you are asking could fill a book but...
>>>>
>>>> If you want to have an operational Word Press and you haven't installed
>>>> it before or not for a long time, I would search out a step by step
>>>> installation guide, follow it and get a basic instance running before
>>>> getting fancy.
>>>>
>>>> Every new install should overwrite previously failed installs so that
>>>> shouldn't be a problem. If your WP is going to be a forward facing
>>>> application, with input fields, check out a security guide as there
>>>> are so many "holes" a script kiddie can hack or more accurately walk
>>>> through.
>>>>
>>>> After everything has been tested, then you can start coding in or
>>>> downloading various GUI layouts along with their associated features.
>>>>
>> _______________________________________________
>> dba-Tech mailing list
>> dba-Tech at databaseadvisors.com
>> http://databaseadvisors.com/mailman/listinfo/dba-tech
>> Website: http://www.databaseadvisors.com
>>
>


