Why not to use WordPress for you Automotive Blog

-

In regards to questions on my post about Wordpress blogs. Number one let me make perfectly clear as stated in the post “Wordpress is an impressive software package that allows individuals with minimal understanding of web design to put together a web site rapidly, and for personal use it is unmatched

The second thing I should mention is that just because your wordpress site has not been defaced that does not mean it could not be or has not been hacked. Hackers attack sites and applications for various reasons, weather that be to test their skill set, deface sites with their tags and graphics, site hijacking, scanning databases for personal information, and the list of reasons go on and on. Doing a simple search of wordpress hacked will bring back thousands of results with most of them pointing to information on how to recover from a hacked wordpress site. Trust me all the various security gurus out there would not of taken the time to cover the topic in such great detail if it was not a major issue.

Yes Wordpress is an open source software package. What that means is the easy of developers to tweak code and/or add custom plug-ins is available. What that also means is the hackers don't have to do much work to know the layout of your site's files, the structure of your database, where your site upload pages are, which pages include your database connection information, which pages contain your data queries, etc.. Again running a simple website or blog that is not collection user information, and is updated regularly is not at great risk but it is still at risk.

Recovering from a compromised site can be a costly and time consuming project.

Having worked as an application security & development annalist for over the last 20 years, I can not begin to count the number of people who I have had to help recover from a wordpress hacked site. Sadly most of them were running simple little sites that really had no need for all the bloated code that comes in a premade cms template. All that being said I'm not going to ask anyone to take my word for it each individual should do their own due diligence and research the topic for themselves. Here are some great links to get you started.

OWASP Wordpress Security Checklist Projecthttps://www.owasp.org/index.php/OWASP_Wordpress_Security_Checklist_Project


OWASP vulnerabilities relevant to WordPress
http://security.stackexchange.com/questions/29930/what-vulnerabilities-in-the-owasp-top-10-are-relevant-to-wordpress


WordPress.org information on recovering from database hack
http://wordpress.org/support/topic/post-hack-database-inspection-and-cleanup

WordPress.org Listing of Maintenance and Security updates
http://wordpress.org/news/category/security/
RandomStorm Backtrack cross site scripting information

Comments

Post a Comment

Popular posts from this blog

Protopage a great iGoogle Alternative

-
Well if you haven't heard iGoogle will be shut down by Google in November of 2013, so it may be time to look at some alternatives. I recently came across Protopage you can find them here http://www.protopage.com/ Protopage launched in 2005 and is still going despite nearly every other start page shutting down or becoming derelict. Due to popular demand, they have released better support for tablets and larger smartphones, so that you have the choice between viewing the mobile version or the normal version of Protopage on your device. There isn't much to dislike about Protopage. It has a very nice Web 2.0-oriented design, and it is very solid in every area that you expect from a personalized start page. The ability to view multiple RSS feeds in a single module and the integrated podcasts puts this start page right up there among the best. What’s the business model? No idea. It’s totally free and sans-ads, at least for now. No registration at all is requir...
Read more

A simple Flex Builder contact form

-
Ok here is my simple flex builder contact form. It will validate fields then post form data to a backend page for processing. This Flex Builder Form does not use the httpservice to retrieve information its just a simple post form that keeps the bots from filling out the form on a standard web site   <?xml version="1.0" encoding="utf-8"?> <mx:Application xmlns:validators="validators.*" applicationComplete="validator()" xmlns:mx="http://www.adobe.com/2006/mxml" layout="absolute" width="480" height="500" backgroundGradientColors="[#ffffff, #ffffff]"> <mx:Script>                 <![CDATA[                                 private function ...
Read more

Designing a Better Contact Page

-
Image
A good contact page is essential for maintaining relationships with your visitors. Whether we’re talking eCommerce, magazines, personal websites, online services, users will usually seek out a contact page as their first means of communication with you. Oddly enough, many web designers neglect the humble contact page, even considering it one of the least important aspects of a website. Let’s put that right. The Importance of a Good Contact Page A contact page is often overlooked. How many times have you visited a website, wanting to get in touch to complain about a product or service, or ask a question? And how often have you struggled with a contact form? A good contact page can benefit any type of business. It can improve customer satisfaction by helping users with their problems. It can also help a business improve its products and services by providing an avenue for valuable feedback. Other channels can be limited when it comes to user feedback. Television, radio, magazines, news...
Read more