I think there are a lot of valid points here, but sometimes in reality it’s not as simple
as “banning WordPress from my server” or similar, as the end users maintaining the sites
or updating the content are non-techie, and even with WordPress often struggle to
understand some concepts. I’ve converted my own website to static content to move away
from WordPress, but that’s not easy or possible for everyone.
I suggested using WordPress as an editor and using a plugin to export to static files, and
was met with blank responses. They also couldn't understand that their editor would be
on a different URL to their website, and that changes may take a short while to be
reflected.
Fundamentally, WordPress is the Windows of CMSes, their large install base makes them a
target and to some extent no matter now secure WordPress is, there are so many people
targeting it that vulnerabilities will be found. WordPress accounts for 43% of all
websites on the internet; modx is 0.1%. So it's largely security by obscurity.
My approach is simply that I can't (easily) eliminate WordPress from my life, so
I'll take every precaution to minimise the impact IF it gets compromised. For me,
that's running it in containers and keeping it up to date as best possible.
Kind regards,
Paul
+44 (0) 773 996 2121
Sent from my iPhone. Please excuse brevity, spelling, and punctuation.
________________________________
From: Peter Collins via BitFolk Users <users(a)mailman.bitfolk.com>
Sent: Sunday, November 26, 2023 11:08:11 AM
To: iain <iain(a)hairydog.co.uk>
Cc: Peter Collins via BitFolk Users <users(a)mailman.bitfolk.com>om>; Peter Collins
<bitfolkvps(a)3720.co.uk>
Subject: [bitfolk] Re: Docker on VPS
On Sun, 26 Nov 2023 at 10:52, iain
<iain@hairydog.co.uk<mailto:iain@hairydog.co.uk>> wrote:
The reality is that users do not update addons. So the admin has to do it, which is a pain
and good luck with getting paid!
Again that’s not the fault of Wordpress as a platform.
Yes, the core of wordpress is pretty secure (though way too slow).
That’s subjective
But that's like saying that guns don't kill people: the bullets that users put in
them are the problem.
Actually what you’re describing is guns don’t kill it’s the person pulling the trigger.
My point remains, whatever your issues with Wordpress are, to say it shouldn’t be as it’s
just not safe is wrong.