19 Feb
2014
19 Feb
'14
12:24 p.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 19/02/14 12:04, Andy Smith wrote:
On Wed, Feb 19, 2014 at 11:56:22AM +0000, Ian wrote:
Andy,
Just to be clear, *all* of the current Joomla software has one click
upgrade. It even warns you when you login. It's still horrible
software and even if you're totally up to date, you can still get
hacked. I got hacked on a core component when totally up to date.
IMHO, mod_security and tripwire are essential if you plan to run a
Joomla site (well any PHP site really).
And I doubt your user will have no 3rd party plugins for long.
Cheers,
- --
Matthew Moore
Surgical Materials Testing Laboratory
System Administrator
Telephone: +44 (0)1656 752165
Email: matt(a)smtl.co.uk
I haven't touched Joomla in a while, but I
think you're right: third
party stuff can have problems long after issues with the main releases
are sorted.
These sites shouldn't need any third party plugins and to be honest
if it wasn't for the fact that he'd have no idea how to later edit or
add pages, they could be static HTML.
Most appealing I have found so far is:
http://www.rochenhost.co.uk/joomla-hosting
which although doesn't keep the Joomla core up to date for you, does
at least purport to have "one click upgrade", so if I drum it into
him not to use third party plugins and to hit the upgrade button
every time it is available, he may be okay? -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJTBKJoAAoJECNCOWbk0evtBqwH/jrvGxAUzOJI8pRYfg3jsLGQ
KAkHrMZz6LBVFgWC4hqiWextGhiOQMPl5y8CUCxRLfmfIWEP5NjjQU60aEV2BO7p
12+q368jyV02K0kNWwrouWWBA7Gfe09/cbvjq0iA63d3BBI2txSZAFfUIR0gu78m
mSVnN1NpO/rSAYmh8tCw0bJxTU1/q4IO/V9TbhdEwtUx3VJvFZOvMK05+7POgkc4
VWuxYXNoKHTESQZ0cLmoZUMNuIxZJzEbQKt91IP56hvzyKiKpLX/82sOOq5zwx+H
2g/Dl2crbBIvO/7fBs3BL4PZYxr5JqCBBLvo23WkOJrWngd9/v0iyXKIZvlVcO4=
=+F4b
-----END PGP SIGNATURE-----