Wordpress and Hackers

rgdot:
Understood :)

Renegade:
And don't use too many plug-ins without having checked their code.
-Tuxman (August 22, 2014, 06:05 AM)
--- End quote ---

While this is 110% solid advice, it's really hard for most people to do this. Very few people, and even few programmers, are qualified to actually determine security vulnerabilities. It's not easy.

Could I do it? Yes. How long would it take me? FOREVER!

I understand enough to track down issues. But I'll never actually do it because it's simply far too time consuming.

There's the actual code itself, which is relatively simple to check for things like SQL injection, etc.

Then there's the checking of the actual PHP methods, and so on down the line. NIGHTMARE!!!

My rule of thumb here is to use only commonly used plug-ins with a record of security. I have to blindly trust them because checking is too expensive for me.
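
Added example, not part of Renegade's post or any plug-in's code: a first-pass check of the kind the post calls relatively simple, flagging `$wpdb` query calls that put PHP variables into SQL without `$wpdb->prepare()`. The function name, the sample plug-in source and the line-based heuristic are assumptions made for this illustration.

```python
import re

# $wpdb methods that run a SQL string as given.
SINK = re.compile(r"\$wpdb->(query|get_results|get_var|get_row|get_col)\s*\(")
PREPARE = re.compile(r"\$wpdb->prepare\s*\(")
# Variables assigned straight from $wpdb->prepare() are treated as safe.
PREPARED_VAR = re.compile(r"(\$[A-Za-z_]\w*)\s*=\s*\$wpdb->prepare\s*\(")
# Any PHP variable except $wpdb itself (so {$wpdb->prefix} is not flagged).
VARIABLE = re.compile(r"\$(?!wpdb\b)[A-Za-z_]\w*")

# Constructed sample, not taken from any real plug-in.
SAMPLE_PLUGIN = r'''<?php
// Constructed sample for the scanner below.
function demo_lookup() {
    global $wpdb;
    $id = $_GET['id'];
    $a = $wpdb->get_row("SELECT * FROM {$wpdb->prefix}demo WHERE id = $id");
    $b = $wpdb->get_row($wpdb->prepare("SELECT * FROM {$wpdb->prefix}demo WHERE id = %d", $id));
    $sql = $wpdb->prepare("SELECT name FROM {$wpdb->prefix}demo WHERE id = %d", $id);
    $c = $wpdb->get_var($sql);
    $wpdb->query("DELETE FROM {$wpdb->prefix}demo WHERE name = '" . $_POST['name'] . "'");
    return $wpdb->get_results("SELECT * FROM {$wpdb->prefix}demo");
}
'''

def find_unprepared_queries(php_source):
    """Return (line_number, method, text) for $wpdb calls whose SQL argument
    contains a variable and no $wpdb->prepare(). Heuristic, line-based and
    not scope-aware: a triage pass, not proof that a plug-in is safe."""
    prepared = set(PREPARED_VAR.findall(php_source))
    findings = []
    for number, line in enumerate(php_source.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith(("//", "#", "*")):
            continue  # skip comment lines
        match = SINK.search(line)
        if not match:
            continue
        arguments = line[match.end():]
        if PREPARE.search(arguments):
            continue  # placeholders are bound by prepare()
        if any(v not in prepared for v in VARIABLE.findall(arguments)):
            findings.append((number, match.group(1), stripped))
    return findings

if __name__ == "__main__":
    for number, method, text in find_unprepared_queries(SAMPLE_PLUGIN):
        print(f"line {number}: $wpdb->{method}() builds SQL from a variable: {text}")
```

A clean result only means this one pattern was not found; queries built across several lines or passed through helper functions need the deeper review the post describes as too expensive.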

Tuxman:
My rule of thumb here is to use only commonly used plug-ins with a record of security. I have to blindly trust them because checking is too expensive for me. -Renegade (August 24, 2014, 11:21 AM)
--- End quote ---

I usually try to replace plug-ins by simple functions.php snippets around twice a year. Works well. I know it sounds a bit harsh, but if you don't understand PHP, you shouldn't install WordPress. Better use the wordpress.com hosting service.

Stoic Joker:
My rule of thumb here is to use only commonly used plug-ins with a record of security. I have to blindly trust them because checking is too expensive for me. -Renegade (August 24, 2014, 11:21 AM)
--- End quote ---

I usually try to replace plug-ins by simple functions.php snippets around twice a year. Works well. I know it sounds a bit harsh, but if you don't understand PHP, you shouldn't install WordPress. Better use the wordpress.com hosting service. -Tuxman (August 24, 2014, 11:46 AM)
--- End quote ---

That's not going to auto-magically protect someone from installing a defectoid plugin, or guarantee security. It might get you updates a little faster...but until a need for said update is known, you're still going to be just as exposed as any other vanilla install.

Tuxman:
Wordpress.com didn't let you install custom plug-ins last time I checked.
