50,000 sites backdoored through shoddy WordPress plugin

Some 50,000 sites have been sprayed with backdoors from shonky malware targeting a popular and vulnerable WordPress plugin, according to researcher Daniel Cid. Sucuri founder Cid says the bodged malware can infect any site that resides on the server of a hacked WordPress website. The flawed plugin allowed attackers to "inject …

  1. ascasc

    Old news - WordPress plugins are a disaster

    WordPress plugins are a huge pile of fail/mess.

    http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=wordpress+plugin

    423 results.

    1. Anonymous Coward

      Re: Old news - WordPress is a disaster

      WordPress is a huge pile of fail/mess.

      There, fixed that for you.

      1. wolfetone

        Re: Old news - WordPress is a disaster

        I don't know why you decided to be Anonymous, all you did was tell the truth.

        WordPress is a horrid, bloated mess of a system. It's slow, and for it to do ANYTHING worthwhile you need to use about 10 plugins. It's the darling of Web Agencies across the world more for the fact you can get it out the door quickly rather than have a system that's built to spec for the client, that's secure and efficient.

        The one to watch is October CMS, for me this is the WordPress killer I've been dreaming about. It's quick and secure, as it's built on the Laravel framework which in turn uses several Symfony components.

        I look forward to WordPress' overdue demise.

        1. Anonymous Coward

          Re: Old news - WordPress is a disaster

          The one to watch is October CMS

          Or TextPattern. It stagnated for a long while, but has been going through a comprehensive overhaul for several years now.

      2. Anonymous Coward

        Re: Old news - WordPress is a disaster

        WWW is a huge pile of fail. FTFY.

        And we keep coming back for more....

  2. Ole Juul

    Where is line 91?

    The wp-config.php file typically has less than 30 lines, so something is not clear. Perhaps a hacked site has the extra lines.

    1. richardcox13

      Re: Where is line 91?

      I would assume the malware (incorrectly) injects quite a few lines of its own code knowing it is a file that is executed for each request.

      1. Mark Allen

        Re: Where is line 91?

        A compromise I saw hit some of my client's Wordpress sites last year involved a single line of code added to the PHP files for each page, which then launched more code from a single page of script. In our case it was quickest to just restore from backups as too many little changes were all over the place.
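The pattern described in this reply (one line prepended to every PHP page, all pointing at a single script) is something a file-integrity check catches quickly. The following is an added example, not code from the thread or from WordPress: it hashes a known-good tree (a backup) against the live tree, lists what changed, and checks whether every modified file gained the same single added line. The file trees, the `/tmp/constructed-stage2.php` path and the injected marker line are all constructed sample data.

```python
import difflib
import hashlib

# Constructed sample site tree as path -> file contents. BASELINE stands in for
# the known-good copy (e.g. restored from backup); CURRENT is the live tree in
# which one line has been prepended to each PHP file, as described above.
BASELINE = {
    "index.php": "<?php\n/** Front controller */\ndefine('WP_USE_THEMES', true);\n"
                 "require __DIR__ . '/wp-blog-header.php';\n",
    "wp-content/themes/mytheme/footer.php": "<?php wp_footer(); ?>\n</body>\n</html>\n",
    "readme.html": "<html><body>Site readme</body></html>\n",
}

# Constructed marker line standing in for the injected loader; not real malware.
INJECTED = "<?php include_once '/tmp/constructed-stage2.php'; ?>\n"

CURRENT = {
    "index.php": INJECTED + BASELINE["index.php"],
    "wp-content/themes/mytheme/footer.php": INJECTED + BASELINE["wp-content/themes/mytheme/footer.php"],
    "readme.html": BASELINE["readme.html"],
}


def build_manifest(tree):
    """Return {path: sha256 hex digest} for every file in the tree."""
    return {path: hashlib.sha256(content.encode()).hexdigest() for path, content in tree.items()}


def changed_files(baseline_manifest, current_tree):
    """Compare a stored manifest with the live tree: modified, missing and newly added paths."""
    current_manifest = build_manifest(current_tree)
    modified = sorted(p for p in baseline_manifest
                      if p in current_manifest and baseline_manifest[p] != current_manifest[p])
    missing = sorted(set(baseline_manifest) - set(current_manifest))
    added = sorted(set(current_manifest) - set(baseline_manifest))
    return {"modified": modified, "missing": missing, "added": added}


def added_lines(baseline_text, current_text):
    """Lines present in the live file but not in the baseline ('+' lines of a unified diff)."""
    diff = difflib.unified_diff(baseline_text.splitlines(), current_text.splitlines(), lineterm="", n=0)
    return [line[1:] for line in diff if line.startswith("+") and not line.startswith("+++")]


def common_injected_line(baseline_tree, current_tree):
    """If every modified file gained exactly one shared line, return it; otherwise None.

    This is the single-line-per-page pattern from the thread; a single shared
    line across all modified files is strong evidence of an automated injection.
    """
    report = changed_files(build_manifest(baseline_tree), current_tree)
    per_file = [set(added_lines(baseline_tree[p], current_tree[p])) for p in report["modified"]]
    if not per_file:
        return None
    common = set.intersection(*per_file)
    return next(iter(common)) if len(common) == 1 else None


if __name__ == "__main__":
    report = changed_files(build_manifest(BASELINE), CURRENT)
    print("modified:", report["modified"])
    print("shared added line:", common_injected_line(BASELINE, CURRENT))
```

In practice the manifest is generated from a clean install or backup and stored off the web server, so that the compromised host cannot rewrite it; the `modified` list is then the restore list, and the shared line is the indicator to search the rest of the server for.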

  3. Jim 59

    I run Wordpress because it seems one of the best available. But I agree it is hugely bloated and slow. I particularly like the Wordpress approach to error handling. There isn't any. And they have solved the error message problem by just ignoring it.

    1. rvt

      "I run Wordpress because it seems one of the best available."

      Maybe at the time it was easy for you to understand. However, in reality, Wordpress is great for blogging, but that's all Wordpress does well. I know it has CMS features with plugins but it's a laugh compared to wCMS systems that were designed from the ground up to be a (w)CMS.

      Maybe it's time for you to move on?

  4. This post has been deleted by its author

  5. Jim 59

    Unrelated, but there seems to be a widespread botnet attack on Wordpress blogs' "xmlrpc" feature in the last few days. People are reporting bots with up to 30,000 members trying to guess usernames and passwords. In the last 4 days my own low traffic blog has received 24,000 attempts from over 8000 bot IPs.
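The xmlrpc.php guessing traffic described in this comment shows up in the web server access log as a burst of POST requests to that path from each bot. The following is an added example, not code from the thread or from WordPress: it parses combined-format log lines, totals xmlrpc.php POSTs and distinct source IPs (the figures the comment quotes), and flags any IP that makes a threshold number of POSTs within a sliding time window. The log lines, IP addresses and user agents are constructed sample data, and the threshold and window values are illustrative assumptions to tune for a real site.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in Apache/nginx "combined" format: one noisy IP, one IP with
# two widely spaced requests, and one IP that only issues GETs.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Aug/2014:13:55:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 417 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Aug/2014:13:55:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 417 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Aug/2014:13:55:04 +0000] "POST /xmlrpc.php HTTP/1.1" 200 417 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Aug/2014:13:55:06 +0000] "POST /xmlrpc.php HTTP/1.1" 200 417 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Aug/2014:13:55:09 +0000] "POST /xmlrpc.php HTTP/1.1" 200 417 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Aug/2014:13:56:30 +0000] "POST /xmlrpc.php HTTP/1.1" 200 417 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Aug/2014:13:56:10 +0000] "POST /xmlrpc.php HTTP/1.1" 200 417 "-" "WordPress/3.9"
198.51.100.7 - - [10/Aug/2014:14:40:10 +0000] "POST /xmlrpc.php HTTP/1.1" 200 417 "-" "WordPress/3.9"
192.0.2.9 - - [10/Aug/2014:13:57:00 +0000] "GET /xmlrpc.php HTTP/1.1" 405 0 "-" "curl/7.35"
192.0.2.9 - - [10/Aug/2014:13:57:05 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
""".splitlines()

# Fields of the combined log format that the detection needs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Return a dict with ip, timestamp, method, path and status, or None for unparsable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def xmlrpc_posts(lines):
    """Map each source IP to the timestamps of its POSTs to xmlrpc.php."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"].split("?")[0].endswith("/xmlrpc.php"):
            hits[rec["ip"]].append(rec["ts"])
    return hits


def xmlrpc_summary(lines):
    """(total xmlrpc.php POST attempts, number of distinct source IPs), like the comment's figures."""
    hits = xmlrpc_posts(lines)
    return sum(len(ts) for ts in hits.values()), len(hits)


def flag_bruteforce(lines, threshold=5, window=timedelta(minutes=10)):
    """IPs that POST to xmlrpc.php at least `threshold` times within any `window`.

    Sliding window over sorted timestamps: advance `start` until the span fits,
    then check how many requests the window holds. Values are the IP's total count.
    """
    flagged = {}
    for ip, times in xmlrpc_posts(lines).items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = len(times)
                break
    return flagged


if __name__ == "__main__":
    print("attempts, distinct IPs:", xmlrpc_summary(SAMPLE_LOG))
    print("flagged:", flag_bruteforce(SAMPLE_LOG))
```

Feeding the flagged list to a firewall or rate limiter is the usual response; if the site does not need XML-RPC at all (it is what mobile apps and pingbacks use), restricting access to xmlrpc.php at the web server removes the attack surface entirely.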

  6. LeeH

    WordPress or a Purpose Built CMS... Let Me Think About That....

    WordPress: in constant development, regular updates, open source, many core developers, multiple development teams, easy to extend, thousands of plugin and theme developers, well commented core code, hooks to latch code into, automatic updates (since 3.9, a pro and con, I know)...

    Purpose Built CMS: small development team unless you have lots and lots of money to throw at the project, code comments dependent on coder's mood, costly to extend, expensive to replace or modify if the development team vanishes, smaller group of people checking for vulnerabilities, often closed source code, restrictions on usage (depending on contract), limited support channels...

    423 out of over 100,000 WP plugins might contain vulnerabilities (those figures are not fact-checked and are very likely underestimates) so that means 99,577 plugins do not contain vulnerabilities (or vulns. have yet to be found in some of them).

    WordPress might not be ideal for every use case but it is suited to the needs of most people and is within the price range of most people.

    As someone who can develop a CMS (and has developed several) from the ground up, I say that WordPress, despite some shortcomings, is a good start point to work with.

    If you dislike a WP plugin, change it. If a plugin is vulnerable, solve the vulnerability. Want to use a new plugin but unsure whether it is vulnerable to attack? Check the code and tell the developer about the flaw. Stop faulting WordPress and WP developers and help the project by providing workable solutions.

    How many of you complainers have been in business for as long as WordPress has been in existence? Do you expect to be around for as long as WordPress will be here?
