• wordpress 6.2

    From Utopian Galt@21:4/108 to All on Sun Jul 9 20:02:57 2023
    I feel like Wordpress is a horrible idea now. I'd rather use widgets than the new
    system they are doing right now.


    --- WWIV 5.9.0.3695[Windows]
    * Origin: inland utopia * california * iutopia.duckdns.org:2023 (21:4/108)
  • From Roon@21:4/148 to Utopian Galt on Mon Jul 10 08:37:04 2023
    Hello Utopian,

    09 Jul 23 20:02, you wrote to All:

    > I feel like Wordpress is a horrible idea now. I'd rather use widgets
    > than the new system they are doing right now.

    we are hosting a couple of wordpress sites, they are all hacked all the time.

    Regards,
    --
    dp

    telnet://bbs.roonsbbs.hu:1212 <<=-

    ... Uptime: 13d 9h 56m 11s
    --- GoldED/2 1.1.4.7+EMX
    * Origin: Roon's BBS - Budapest, HUNGARY (21:4/148)
  • From tassiebob@21:3/169 to Utopian Galt on Fri Jul 14 19:30:46 2023
    > I feel like Wordpress is a horrible idea now. I'd rather use widgets than the new

    I started using Hugo a while back to build a completely static site.

    I create the content locally and push it to git. The web server pulls the updates from the git repo, builds the site (simplistically - converts the markdown to html), then moves the newly built site into place so the web server can serve it.

    Doesn't really work for database driven things, but my previous Wordpress hacker magnet was just serving pretty much static posts anyway.

    --- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
    * Origin: TassieBob BBS, Hobart, Tasmania (21:3/169)
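The pull, build and move-into-place flow described in the post above, as an added example that is not part of the original post. The paths are hypothetical, and the symlink swap is an assumed way of doing the "move into place" step so that a failed build never replaces the live site.

```python
import os
import subprocess
import tempfile
import time
from pathlib import Path


def build(repo: Path, releases: Path) -> Path:
    """Pull the content repo and render it with Hugo into a fresh release directory."""
    subprocess.run(["git", "-C", str(repo), "pull", "--ff-only"], check=True)
    stamp = time.strftime("%Y%m%d-%H%M%S-")
    release = Path(tempfile.mkdtemp(prefix=stamp, dir=releases))
    subprocess.run(["hugo", "--source", str(repo), "--destination", str(release)],
                   check=True)
    os.chmod(release, 0o755)  # mkdtemp creates the directory 0700
    return release


def activate(release: Path, live: Path):
    """Atomically repoint the `live` symlink at `release`; return the old target."""
    if not (release / "index.html").is_file():
        raise ValueError(f"{release} has no index.html, refusing to publish")
    if live.exists() and not live.is_symlink():
        raise ValueError(f"{live} is a real directory, expected a symlink")
    previous = live.resolve() if live.is_symlink() else None
    tmp = live.with_name(live.name + ".new")
    if tmp.is_symlink():
        tmp.unlink()  # leftover from an interrupted run
    os.symlink(release.resolve(), tmp)
    os.replace(tmp, live)  # rename(2): readers see the old tree or the new one
    return previous


if __name__ == "__main__":
    # Hypothetical paths; the web server's document root is /srv/www/live.
    new_release = build(Path("/srv/site-src"), Path("/srv/www/releases"))
    old = activate(new_release, Path("/srv/www/live"))
    print(f"published {new_release}, previous release was {old}")
```

The value returned by `activate` is the rollback target: pointing the symlink back at it restores the previous build.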
  • From hollowone@21:2/150 to Roon on Tue Jul 18 13:52:53 2023
    > we are hosting a couple of wordpress sites, they are all hacked all the time.

    Well, Wordpress is full of vulnerabilities, that's true, but also quickly fixed if you know how to maintain it. Bigger problem is with plugins, they are often not so speedy with security hotfixes.

    Also custom code that marketing agencies add is often prone to problems and they totally do not understand and underestimate security.

    As I'd not like to recommend WP, still if you need to manage one from cybersec perspective you better hire some real-time vulnerability and high availability scanners that can help you find flaws quickly (I use F-Secure Radar and Site 24x7 simultaneously).

    Additionally all the admin stuff starting from /wp-admin, backend apis and other backdoors known to the public are hidden via VPN as the server rule.

    You cannot access them unless you break the VPN.

    All together help me sleep and only gives me arguments to bash and hammer the agency and marketing and as I do own hosting environment at the company, I always backstab them saying that I'll switch it off and inform CEO about the hack unless they fix it in a minute.

    Fortunately I can do it as CEO is on my side.. but if you don't have such mandate, you better find the way to discipline your marketing department and their digital partners by working policies and sole responsibility over app level of the CMS infra - contractually and with big penalties. That's where they sort of calm down and start cooperating better and thus creating your mandate of power when you manage CyberSec of those sites.

    -h1

    ... Xerox Alto was the thing. Anything after we use is just a mere copy.

    --- Mystic BBS v1.12 A48 (Linux/64)
    * Origin: 2o fOr beeRS bbs>>>20ForBeers.com:1337 (21:2/150)
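A way to check from the access log that the VPN-only rule described in the post above actually holds, as an added example that is not part of the original post. The VPN range, the list of admin paths, the "blocked" status codes and the log lines are all constructed assumptions; the log format is the common combined format.

```python
import ipaddress
import re
from urllib.parse import unquote

VPN_NETS = [ipaddress.ip_network("10.8.0.0/24")]   # assumed VPN client range
ADMIN_PREFIXES = ("/wp-admin", "/wp-login.php", "/xmlrpc.php", "/wp-json")  # assumed
DENIED = {403, 404}                                # statuses that mean "blocked"

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')


def normalise(target):
    """Drop the query string, decode %xx, collapse '//' and lowercase the path."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/+", "/", path).lower()


def audit(lines):
    """Return (ip, method, path, status) for admin requests served outside the VPN."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, method, target, status = m.group(1), m.group(2), m.group(3), int(m.group(4))
        path = normalise(target)
        if not path.startswith(ADMIN_PREFIXES):
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # hostname or garbage in the client field
        if any(addr in net for net in VPN_NETS) or status in DENIED:
            continue
        # Anything else, a 302 to the login page included, means the app answered.
        findings.append((ip, method, path, status))
    return findings


# Constructed sample lines using documentation address ranges.
SAMPLE = [
    '10.8.0.5 - - [18/Jul/2023:13:40:01 +0000] "GET /wp-admin/ HTTP/1.1" 200 5120',
    '203.0.113.7 - - [18/Jul/2023:13:41:10 +0000] "GET /wp-admin/ HTTP/1.1" 403 162',
    '198.51.100.23 - - [18/Jul/2023:13:42:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403',
    '198.51.100.23 - - [18/Jul/2023:13:42:09 +0000] "GET //wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58',
    '203.0.113.7 - - [18/Jul/2023:13:43:00 +0000] "GET /2023/07/hello-world/ HTTP/1.1" 200 8123',
    '203.0.113.9 - - [18/Jul/2023:13:44:30 +0000] "GET /wp-login.php HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("admin path served outside VPN:", finding)
```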
  • From poindexter FORTRAN@21:4/122 to hollowone on Wed Jul 19 08:22:00 2023
    hollowone wrote to Roon <=-

    > As I'd not like to recommend WP, still if you need to manage one from cybersec perspective you better hire some real-time vulnerability and
    > high availability scanners that can help you find flaws quickly (I use F-Secure Radar and Site 24x7 simultaneously).

    Wordfence does a pretty good job of managing notification of vulns and
    does some rate limiting on suspicious traffic.

    Since Wordpress is the most well known platform these days, it gets
    used in a lot of places where a full CRM isn't needed. I've seen
    companies with landing pages set up in WP.

    I'm curious to try out some of the static site generators like Hugo.
    All I really need blog software to do is format text or markup
    language.

    > Fortunately I can do it as CEO is on my side.. but if you don't have
    > such mandate, you better find the way to discipline your marketing department and their digital partners by working policies and sole responsibility over app level of the CMS infra - contractually and
    > with big penalties. That's where they sort of calm down and start cooperating better and thus creating your mandate of power when you
    > manage CyberSec of those sites.

    My company just got rid of a "managed" WP site. Managing, to them,
    meant site changes and processing updates for Wordpress and plugins
    twice a year. I was given admin access and just started poring through
    updates as soon as they hit the server.






    ... The most easily forgotten thing is the most important
    --- MultiMail/Win v0.52
    * Origin: realitycheckBBS.org -- information is power. (21:4/122)