Forums

The forums ran from 2008-2020 and are now closed and viewable here as an archive.


Viewing 7 posts - 16 through 22 (of 22 total)
  • #170970
    nixnerd
    Participant

    But “hardening” is not a simple or straightforward task. There is no “one-click” solution.

    I was going to say this before but I didn’t want to overwhelm you. It starts with grsecurity, maybe more. Then there’s either a really complex SELinux config or a slightly easier AppArmor config. Then there’s LXC or some other virtualization tool to keep things contained. Then there’s proper file permissions and SSH key management. Then there’s security patches. See where I’m going? I’ve just barely scratched the surface. That is pretty minimal and it’s not that easy.

    I’d pay a real sys admin and not trust some dude or company that uses buzzwords and marketing jargon.

    #170971
    nixnerd
    Participant

    I’ve just barely scratched the surface. That is pretty minimal and it’s not that easy.

    BTW, I’m not saying you can’t do it… I’m just saying not to trust just anyone if you’re really concerned.

    #170972
    __
    Participant

    Indeed. But, speaking of not scaring you away, sit back and consider what you actually need. 99 out of 100 websites (probably more) would be perfectly served by a stock VPS solution.

    If you cover common+easy attack vectors like code injection and file uploads, you might not have any further practical concerns. For most sites, the number one security precaution is to make sure you have offsite backups and can quickly re-launch your site, with a minimal loss of data, from a clean start.

    #170979
    nixnerd
    Participant

    Indeed. But, speaking of not scaring you away, sit back and consider what you actually need. 99 out of 100 websites (probably more) would be perfectly served by a stock VPS solution.

    Totally true. I would say, get a VPS… Maybe chroot the LAMP stack and use best practices. Boom sauce. Done.

    #171013
    BranCook
    Participant

    I did actually speak to an individual that has hosted sites for a company that I previously worked with. He suggested a Virtual Dedicated over a Dedicated for some of the reasons that you pointed out above. I like the idea of working with him because we would actually know who is administering our server.

    @traq, can you give some specific examples of why Drupal is better written than WordPress? Thanks for all of the very helpful advice!

    #171023
    __
    Participant

    Well, my conclusions are based on the code I’ve seen. As a disclaimer, I have a familiarity with each of the CMSs, but I don’t use any of them regularly. A few years back, I was interested in how CMSs were built, so I downloaded a bunch of them and tried to figure it out.

    Drupal’s code is cleaner. They have coding standards and reviews. They have a fairly large security team. They also have a philosophy of not being strict about backwards-compatibility: if something needs to be fixed, or could be “done in a better way,” they do it. They maintain older versions for a certain amount of time (I think it’s just the most recent major branch), and then drop them. If some plugin relied on the mistake that is now gone, then the plugin is simply broken (unless the developer decides to go fix it, too).

    Drupal is also very developer-oriented. This makes it harder for beginners, but better overall. Drupal is very scalable and extensible.

    Now, going back to my earlier post, I’m not saying that WP is horrible. It’s fine for many purposes, as long as you take the effort to be informed and security-conscious. Of course, this is something you should always be doing, regardless of what software you choose.

    If you’re looking to secure WP, there is plenty of advice online. Skip the ones that offer a plugin that does it all for you.

    #171140
    BranCook
    Participant

    Thanks @traq, your advice and the information that you have provided have really helped.

    Thanks again
    -Brandon
