I think there are a lot of valid points here, but sometimes in reality itís not as simple as ďbanning WordPress from my serverĒ or similar, as the end users maintaining the sites or updating the content are non-techie, and even with WordPress often struggle to understand some concepts. Iíve converted my own website to static content to move away from WordPress, but thatís not easy or possible for everyone. 


I suggested using WordPress as an editor and using a plugin to export to static files, and was met with blank responses. They also couldn't understand that their editor would be on a different URL to their website, and that changes may take a short while to be reflected. 


Fundamentally, WordPress is the Windows of CMSes, their large install base makes them a target and to some extent no matter now secure WordPress is, there are so many people targeting it that vulnerabilities will be found. WordPress accounts for 43% of all websites on the internet; modx is 0.1%. So it's largely security by obscurity. 


My approach is simply that I can't (easily) eliminate WordPress from my life, so I'll take every precaution to minimise the impact IF it gets compromised. For me, that's running it in containers and keeping it up to date as best possible. 



Kind regards,
Paul

+44 (0) 773 996 2121

Sent from my iPhone. Please excuse brevity, spelling, and punctuation. 

From: Peter Collins via BitFolk Users <users@mailman.bitfolk.com>
Sent: Sunday, November 26, 2023 11:08:11 AM
To: iain <iain@hairydog.co.uk>
Cc: Peter Collins via BitFolk Users <users@mailman.bitfolk.com>; Peter Collins <bitfolkvps@3720.co.uk>
Subject: [bitfolk] Re: Docker on VPS
 


On Sun, 26 Nov 2023 at 10:52, iain <iain@hairydog.co.uk> wrote:
The reality is that users do not update addons. So the admin has to do it, which is a pain and good luck with getting paid!

Again thatís not the fault of Wordpress as a platform.


Yes, the core of wordpress is pretty secure (though way too slow). 

Thatís subjective 


But that's like saying that guns don't kill people: the bullets that users put in them are the problem.

Actually what youíre describing is guns donít kill itís the person pulling the trigger.

My point remains, whatever your issues with Wordpress are, to say it shouldnít be as itís just not safe is wrong.