Yes, Wordpress has a large following. But it is nothing like as much as 45% Maybe 4.5%. 

You imply that Modx is only more secure because it is less common. 

Firstly, there's no basis for this. There would be exploits if there were holes.

Secondly, security by obscurity IS security. Not ideal, but if it works...

The problem with flat filing Wordpress output is that WP generates second-rate html. OK it's not Wix awful, but it's not good.


On 26 Nov 2023 at 11:19, Paul Lewis via BitFolk Users <users@mailman.bitfolk.com> wrote:

I think there are a lot of valid points here, but sometimes in reality it’s not as simple as “banning WordPress from my server” or similar, as the end users maintaining the sites or updating the content are non-techie, and even with WordPress often struggle to understand some concepts. I’ve converted my own website to static content to move away from WordPress, but that’s not easy or possible for everyone. 


I suggested using WordPress as an editor and using a plugin to export to static files, and was met with blank responses. They also couldn't understand that their editor would be on a different URL to their website, and that changes may take a short while to be reflected. 


Fundamentally, WordPress is the Windows of CMSes, their large install base makes them a target and to some extent no matter now secure WordPress is, there are so many people targeting it that vulnerabilities will be found. WordPress accounts for 43% of all websites on the internet; modx is 0.1%. So it's largely security by obscurity. 


My approach is simply that I can't (easily) eliminate WordPress from my life, so I'll take every precaution to minimise the impact IF it gets compromised. For me, that's running it in containers and keeping it up to date as best possible. 



Kind regards,
Paul

+44 (0) 773 996 2121

Sent from my iPhone. Please excuse brevity, spelling, and punctuation. 

From: Peter Collins via BitFolk Users <users@mailman.bitfolk.com>
Sent: Sunday, November 26, 2023 11:08:11 AM
To: iain <iain@hairydog.co.uk>
Cc: Peter Collins via BitFolk Users <users@mailman.bitfolk.com>; Peter Collins <bitfolkvps@3720.co.uk>
Subject: [bitfolk] Re: Docker on VPS
 


On Sun, 26 Nov 2023 at 10:52, iain <iain@hairydog.co.uk> wrote:
The reality is that users do not update addons. So the admin has to do it, which is a pain and good luck with getting paid!

Again that’s not the fault of Wordpress as a platform.


Yes, the core of wordpress is pretty secure (though way too slow). 

That’s subjective 


But that's like saying that guns don't kill people: the bullets that users put in them are the problem.

Actually what you’re describing is guns don’t kill it’s the person pulling the trigger.

My point remains, whatever your issues with Wordpress are, to say it shouldn’t be as it’s just not safe is wrong.

_______________________________________________
BitFolk Users mailing list <users@mailman.bitfolk.com>
You're subscribed as <iain@hairydog.co.uk>
Unsubscribe: <https://mailman.bitfolk.com/mailman/postorius/lists/users.mailman.bitfolk.com/>
or send an email to <users-leave@mailman.bitfolk.com>