Website design software?

Dan Romanchik KB6NU cwgeek at kb6nu.com
Mon Apr 18 08:45:40 CDT 2011


Robert--

Rather than get involved in a big debate, I'll just point out again that WordPress is currently running on tens of thousands, if not hundreds of thousands, of websites, and doing so apparently quite nicely.  I don't think it would be that popular if it wasn't easy to use or if it was as insecure as you seem to think it is. I have personally been using it for at least five years, and have had very few problems with it, and I have not run into any security problems with it in the last two or three years.

I attribute some of my success with KB6NU.Com to my use of WordPress. It's very easy to post new items, include images and video, and when something's easy to do, you'll undoubtedly do it more often. There are also plugins for just about any functionality that you can imagine, making it a snap to add that functionality.  All of this keeps admin time down and content time up, and that seems to be what the original poster asked for.

That's my story, and I'm sticking to it. :)

73, Dan KB6NU


On Apr 18, 2011, at Apr 18,8:48 AM, Robert E. Seastrom wrote:
> Dan Romanchik KB6NU <cwgeek at kb6nu.com> writes:
> 
>> Well, I"m not really all that concerned that my WordPress sites are
>> going to be used to distribute malware to visitors. The web hosting
>> company that my sites run on would be all over me in a minute if
>> that were the case. And, if it's PHP itself that you're worried
>> about, then Serendipity is also going to be a security risk since
>> it's written in PHP.
> 
> I suspect you grossly overestimate the amount of attention that web
> hosters pay to what's being hosted on them.  Typically their security
> posture is quite reactive, with nothing done unless they receive a
> complaint.  The largest problem is not PHP itself (although that is
> not an inconsequential problem) but rather from the secondary effects
> of it being a least common denominator.
> 
> Wordpress has been criticized for having an architecture that makes it
> unnecessarily difficult to write code that doesn't suffer from SQL
> injection vulnerabilities.
> 
> http://blogsecurity.net/wordpress/interview-280607
> 
> That's not its only problem, just one of many; it's gotten better
> since the 2007-2008 timeframe but that still doesn't mean it's not
> going to be the gift-that-keeps-on-giving.
> 
>> Let's take a step back for a second. What Terry originally wrote is,
>> "What I want to do is be able to put stuff at wb4jfi.com without
>> taking up a lot of time and effort. Every hour spent on building the
>> website is another hour taken away from SDR design, or other
>> worthwhile ham radio project. I kind of like the idea of a blog, but
>> not something that takes up a lot of time organizing the thing." 
> 
> Blogging software is a good choice, as is the CSS templated approach
> that KO4MI suggested.  Terry's last sentence though says that he's not
> interested in spending a lot of time organizing the thing.  I'll
> assume this includes looking over one's shoulder.  That's why I
> suggested that if he goes with Wordpress at all (not my first choice,
> obviously) he should go with a service bureau solution rather than
> running it himself on a hosted platform.  That way updates are Someone
> Else's Problem.  Based on his stated ambitions, I suspect that the
> lack of ability to dink around with arbitrary templates and plugins
> isn't a deal-killer for him.
> 
>> I think that WordPress best fits that bill.
> 
> Perhaps it does, perhaps it doesn't.  I'm not telling you that your
> kid is ugly or anything.  Lots of free-as-in-your-time-must-have-no-value
> software evangelists seem to react that way when you provide information
> that their platform of choice isn't the best thing since sliced bread,
> and I frankly don't get it.  Pointing out defects in a software package
> isn't a personal attack, k?
> 
>> This is a personal website, not amazon.com.
> 
> You seem to be laboring under the misapprehension that someone would
> have to intentionally target Terry in order for his site to get
> compromised.  In fact, his greatest risk likely comes from scanning
> malware that is automatically looking for vulnerabilities.  For an
> example, look at the sshd logs for any host that is connected directly
> to the Internet.
> 
> -r
> 



More information about the Tacos mailing list