WordPress a Failure?

[SF]

Hi Guys,

I am having endless problems since 3 years ago I started using word press, There is so many flaws and hacks that it is really not a good idea to be using anymore.

My question is what else would you build a site in? standard HTML?

Thanks
Sean

 

[Adam H]

Love wordpress personally in comparison to most alternatives out there, very rarely have issues, although most of the issues i come across on clients sites are normally related to poorly configured servers, insecure servers, poorly hardened installs, using every plugin under the sun and general poor up keep.

The thought of doing a HTML static page site now days make me shudder, Its either wordpress or bespoke script to accomplish whats needed.

I guess it depends very much on the type of site being adapted though, if its a 5 page site designed for adsense then seems pointless adding the additional overhead of a database.

If they are small sites you might want to check out the flat file scripts ( database less ) you can see some here ; http://www.hongkiat.com/blog/flat-cms/

Ive used Kirby which was quite fun and very clean to play with.

 

[SF]

Thanks for the reply, its just that pretty much every site that ive had built has ended up being hacked to bits, looking at html and cms templates online.

 

[monaghan]

Any system is open to attack, if you ensure you have settings right and you use supported and updated plugins you should be quite safe, of course there's very few systems that can't be hacked into with time and skill, but the average WP hacker will be looking for a known exploit that's not been patched.

I remember seeing something a while ago about using Google to search for un-patched WP sites and then firing the URL's into standard script-kiddie hacking tools.

Whatever tool you use for your site needs to be configured right AND kept up to date

 

[SF]

Hi Alex

I suppose your right, but i can honestly say that 5/5 word press sites Ive had built has all ended up being trashed. They seem to get in via plugins - web forms, or just brute attacks.

It also has a knock on effect you end up loosing all the website and have to start again from scratch.

I am building in good old HTML now trying to get a few sites back online which have been hacked.

 

[DomainM]

Wordpress is an awesome tool, but as it's so popular it's critically important that you have a secure server and keep all installs up-to-date. With at least 25% of all sites now using WP it has become an easy target for hackers.

If you're after a super flexible CMS which has a proven history for being secure, I would suggest MODX (modx.com). I've built hundreds of sites using MODX, it's a quick CMS to template with a very friendly community of users.

Concrete5 is also a good CMS if you prefer editing your website from the front-end UI, it's very intuitive but requires more work to build bespoke templates.

All these systems require professional hosting, and should be regularly updated.

 

[seemly]

Topical post on SmashingMagazine:
http://www.smashingmagazine.com/2015/11/modern-static-website-generators-next-big-thing/

 

[spiderspider]

If you've had 5 sites hacked, in a short space of time, you're doing something seriously wrong. That may sound harsh, but there is clearly something wrong here. If everyone had the same as you, then no one would be using Wordpress. In years of using wordpress, I've had 1 site hacked, as I installed a plugin that came from a dodgy source.

It is simple to protect Wordpress, and just a few tips to help:

- Always use the latest version, and update it when it says it has updates. Only install it from the genuine source, or softalicious on your server etc.
- Only download plugins from wordpress itself. Don't install from anywhere else.
- Only install ESSENTIAL plugins. The mroe you have, the greater chance of exploits there is. As an example, my site with the most plugins, has 8, the least has 3.
- NEVER have a user called 'Admin' or any word containing admin.
- Make sure that passwords are strong, and conTain CaPiTals and 653 £$)
- Install, configure and learn how to use WordFence, this can block the brute force, fakes and those attempting to access pages that aren't there.

If you do above, and still get hacked, then there should be questions asked about your hosting.

 

[SF]

Well Ive just used a free HTML template and tailorised it to fit my needs, seems very simple enough but I am not sure how I am going to get the web form working!!

 

[monaghan]

Well Ive just used a free HTML template and tailorised it to fit my needs, seems very simple enough but I am not sure how I am going to get the web form working!!

Your web form will still require a dynamic element to process it and therefore a potential for someone to attack you.

From my experience of fixing broken customer sites, most CMS attacks are known exploits, there's very few out there who can actually perform their own "clean" attack. The advise above about where to get plugins from and using trusted ones AND applying ALL security fixes will protect you from most attacks as the "hack script" will fail and they'll move onto the next site in the list.

 

[bluerock]

Well Ive just used a free HTML template and tailorised it to fit my needs, seems very simple enough but I am not sure how I am going to get the web form working!!

If you have used a free template make sure its mobile ready or your wasting your time. Themeforest has good html templates for just a few $.
Have you considered Joomla?

 

[Adam H]

If you have used a free template make sure its mobile ready or your wasting your time. Themeforest has good html templates for just a few $.
Have you considered Joomla?

If he gets hacked alot with wordpress do you really think Joomla is a good idea lol

 

[SF]

If you have used a free template make sure its mobile ready or your wasting your time. Themeforest has good html templates for just a few $.
Have you considered Joomla?

ok Ive just wasted 3 days for nothing its not mobile friendly arrghhh

 

[leec]

Another tip with Wordpress is what type of machine are you logging in from?

If it's Windows, has it got a keylogger on it or some other type of malware installed?

Over the years many people have had logins and FTP details stolen this way. So could be another reason for the hacks.

Also it's important to have the latest version of WP installed too.

Other high risks include dodgy themes, plugins etc. Hosting companies can also be to blame too.


Hope this helps. Sorry if you know the above, just wanted to post as the little things can help.



Cheers

 

[Admin]

If you want an easy way to add a form to a static site, take a look here:
https://formspree.io/

Web templates ... www.html5webtemplates.co.uk

 

[SF]

Thanks Admin just what i was looking for

 

[Kari]

SF

sending you a quick PM

 

[fastworld]

Use bootstrap, buy a template for $15 from wrapbootstrap, done in 1/2 hr