JP Vossen on 10 Nov 2015 11:45:24 -0800


Re: [PLUG] Blogging platform


On 11/10/2015 01:42 PM, Doug Stewart wrote:
> JP, et al:

I don't recall commenting either pro-con on WordPress or its security
issues; the most recent I find is
http://www.google.com/url?q=http://lists.netisland.net/archives/plug/plug-2014-03/msg00044.html.
But I more-or-less agree with a lot of the things from other folks; I
do hear a LOT about security vulnerabilities, but they do seem to be a)
fixed quickly and b) often in non-core code.


> Not to stick up for the platform that makes me my bread and butter, but 
> 
> a) Many of the WordPress security issues *are* related to third-party
> plugins and themes
> b) Core issues tend to be handled with expediency and delicacy (see,
> e.g., The Trojan Emoji: https://poststatus.com/the-trojan-emoji/)
> c) At > 25% of the Web, WP is obviously the biggest target out there

Yes, thanks. I'd meant to include a link to that because I've seen it
recently. But ironically, when I searched my RSS tool for "item title
contains wordpress" the *only* thing I found was 3x Debian and 1x
BugTraq security vulnerability announcements. Turns out Liferea's search
is case sensitive, and "item title contains WordPress" turned up this,
among others:
http://news.slashdot.org/story/15/11/08/2334257/wordpress-now-powers-25-of-the-web

> d) If you're interested in talking about it in person, the inaugural
> WordCamp US is being held here in Philly, Dec. 4-6. $40 for three days
> and a complimentary t-shirt (https://2015.us.wordcamp.org/tickets) I'll
> be there. *grin*
> 
> Is WP security perfect? Nope. Can you show me a CMS that has perfect
> security? Also Nope.

Can't argue that.


> I'd really love to see my open source brothers and sisters in arms help
> out. Looking down your noses at an open source platform powering a huge
> swath of the web, including some *very* large sites, is
> counter-productive IMHO.

I think there's something to both sides of that argument.  Certainly
open source communities can be--fractious--shall we say?  And that
energy would be better spent fixing some problem.  But there *is* a lot
of security up-keep required for WordPress, no matter why, and so some
might choose to avoid it.  That's actually why I forwarded the original
article; I was thinking that someone was asking about a *blog* and not a
CMS.

Simple is better for security, and I'm not sure anyone would argue
WordPress is simple in that way.  And sure, lots of other stuff, most of
it even, isn't simple in that way either...and look at the InfoSec mess
we're in...  I dunno, I guess it's an IT question to which the only
correct answers are "it depends" and/or "YMMV."


On 11/10/2015 01:34 PM, Keith C. Perry wrote:
> Are you talking about the thread in Aug in the context of web design?
> I remember myself, Brent and at least one more person saying that we
> were NOT fans for Wordpress because of its security issues.
>
> http://lists.netisland.net/archives/plug/plug-2015-08/msg00195.html

I'm pretty sure that's what I was thinking of; I just didn't search the
archives back far enough, thanks Keith.


> On Tue, Nov 10, 2015 at 1:26 PM, JP Vossen <jp@jpsdomain.org> wrote:
> 
>     I seem to recall a recent question about blogging platforms, but I can't
>     find it, so it was probably a round-table discussion at a recent
>     meeting.
> 
>     Anyway, I just ran across this interesting article on a very interesting
>     blog ("Observations, musings and conjecture about the world of software
>     and technology" with lots on security and Windows):
>     http://www.troyhunt.com/2015/10/creating-blog-for-your-non-techie.html
> 
>     Other neat things from that blog:
>     https://haveibeenpwned.com/
>     http://plaintextoffenders.com/
>     http://www.troyhunt.com/2015/09/troys-ultimate-list-of-security-links.html

Later,
JP
----------------------------|:::======|-------------------------------
JP Vossen, CISSP            |:::======|      http://bashcookbook.com/
My Account, My Opinions     |=========|      http://www.jpsdomain.org/
----------------------------|=========|-------------------------------
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug