Get Paid to Participate - up to $1 per post!     Twitter     Facebook     Google+
Hosting Discussion
 

Hosting Discussion > Web Hosting Forums > Website Development & Design > WordPress Vulnerability: DoS flaw could bring down your site
forgot password?



FORUM SUPPORTERS:

Reply


Old
  Post #16 (permalink)   10-04-2018, 05:12 PM
HD Newbie
 
Join Date: Sep 2018
Posts: 19

Status: ronnel is offline
As I see that's a truth we have to bare. That's why many people will like to develop their website from scratch. Because if there is a bug in a CMS, you will have to wait until they decide to correct that bug.
__________________
ABC Hosting Ltd Free Hosting, VPS, Domain, Dedicated Servers
Dedicated Servers 36TB hdd, 2xCPU, 16GB ram, 1Gbps
Email Us / English, Polish, Russian, Ukrainian, Spanish, Arab, French
 
 
 


Old
  Post #17 (permalink)   10-05-2018, 03:46 AM
HD Wizard
 
easyhostmedia's Avatar
 
Join Date: Mar 2011
Location: Northumberland, UK
Posts: 5,476
Send a message via MSN to easyhostmedia

Status: easyhostmedia is offline
Quote:
Originally Posted by ronnel View Post
As I see that's a truth we have to bare. That's why many people will like to develop their website from scratch. Because if there is a bug in a CMS, you will have to wait until they decide to correct that bug.
But not everyone can develop their own websites from scratch, even main stream site designers use CMS as frameworks while designing websites. But is not just a case of developers issuing bugs, it is also down to website owners as i used to always have to push my clients to upgrade their scripts, so even if bug fixes are issued it is upto the website owners upgrade their installations to versions that include the bug fixes.
__________________
Terry Robertson - CEO The Easyhost Media Group
PowerSSL - - We Secure your World
The Scamlist Forum - Fighting against scammers
 
 
 


Old
  Post #18 (permalink)   10-07-2018, 10:12 PM
HD Amateur
 
Join Date: Aug 2017
Posts: 54

Status: PeterShene is offline
Quote:
Originally Posted by 24x7server View Post
Yea, unfortunately, that's the truth. :/

While investigating our client's issue, we have seen so many abandoned plugins that are currently available for installation from the WordPress plugin repository that appear to have vulnerabilities that have not been fixed. The interesting fact is those plugins have not been modified for 2 years or more and some of them have thousands of active installs. LOL
This is a indirect result of Gutenberg IMO. Theme developers and plugin developers who helped make this platform what it is are stopping looking for alternatives as gutenberg is set to replace alot of what can be done via outside resources. Some are fighting it and some are trying to integrate with it.

Also as you have mentioned people install plugins for almost every reason because most people on WordPress dont even know how to optimise a image without a plugin let alone any other programming or website building functions.

Ofcourse as we know php is a patchy language that is constantly getting checked and updated for issues. If you arent updating you will have vulnerabilities. Its not wordpress, its not php, ive seen very secure wordpress sites and very secure payment gateways written in php...

Its the people who use the plugins and dont know what theire really doing that is the real problem. With gutenberg, it will only get worse.
__________________
Web design east london
 
 


Old
  Post #19 (permalink)   10-08-2018, 01:22 AM
HD Newbie
 
Join Date: Oct 2017
Posts: 15

Status: bountysite is offline
It is hard to say that Wordpress is less secure than others. This argument is equivalent to saying that Windows is less secure than Linux. But the truth is that Windows is more popular than Linux, and hence targeted more for monetary benefits. Technically both are equally exploitable.

Same way, Wordpress is the most popular CMS, used in the internet, and hence more effort to hack.

I had written a wordpress plugin for BountySite, few months back, and they had a decent coding standard, which has been built over years of experience. Despite all the process in place, security vulnerabilities do happen. It does look scary when there is an exploit open with no patch available.

I had a look at the patch, it is pretty simple. Wonder why they did not go for the fix immediately!
__________________
BountySite
Backup, Security and Availability for Websites - Shared/VPS/Cloud/Dedicated
de facto for all Shared Hosting Environments
 
 


Old
  Post #20 (permalink)   10-08-2018, 01:36 AM
HD Wizard
 
easyhostmedia's Avatar
 
Join Date: Mar 2011
Location: Northumberland, UK
Posts: 5,476
Send a message via MSN to easyhostmedia

Status: easyhostmedia is offline
A lot is down to end users not updated their scripts when updates or patches are released.
__________________
Terry Robertson - CEO The Easyhost Media Group
PowerSSL - - We Secure your World
The Scamlist Forum - Fighting against scammers
 
 
 
Reply
Previous Thread Next Thread


Thread Tools

New Post New Post   Old Post Old Post
Posting Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Sponsored By: