Don't Blame WordPress

90,000 hackers are trying to get into your WordPress installation right now. That's a ridiculous statistic, but it also points to the popularity of the world's most popular content management system. While we're fairly agnostic about content management systems, we have a deep, deep respect for WordPress and support most of our clients' installations on it.

I don't necessarily agree with the founder of WordPress, who largely deflects attention away from the CMS on security issues. While folks can change their administrative login from admin, the biggest benefit of WordPress has always been the 1-click install. If you want them to change the login, that's more than one click!

Additionally, I don't like the fact that the login screen is a hard-coded path that cannot be modified. I do believe it would be quite simple for WordPress to allow a custom path.

Still, any agency that builds and supports WordPress sites holds most of the responsibility in its own hands. We host all of our clients on Flywheel since they do such an incredible job of monitoring security and ensuring stronger passwords. As well, Flywheel requires that you use a login other than admin when you create a WordPress instance with them.

We have other clients who have had serious problems with WordPress... bugs, performance issues and difficult administration. None of these are WordPress problems, though. They are WordPress developer issues. One of our clients is a sales proposal platform, and they have very customized content throughout their site. Designed by another agency, their pages are quite simple to administer using some advanced custom fields.

Using Advanced Custom Fields, Gravity Forms and some good theme development, Highbridge was able to build an entire job postings page for the client. It works flawlessly, and their staff has said the administration is a dream.

Your WordPress site and your WordPress security are only as good as the infrastructure it's built on and the theme and plugin development you've incorporated. Don't blame WordPress... find a new developer and a new place to host it!

8 Comments

  1. 1

    We can’t always go back to the producer of the platform and say “It’s your fault this happened.”

    I agree that there are some security holes that WP has never really addressed, and I too like the 1 click install. However, I like a secure site more, so I’ll take that extra step. My mistake was that even though I created a new uber admin account with a new username, I did not delete the old admin account. This allowed my site to get hacked.

    Overlooking these things becomes easy because we trust the makers of the platforms, but it is our responsibility to be the gatekeepers of our own site. We need to fortify the kingdom as it were.

    Great post.

  2. 2

    “Additionally, I don’t like the fact that the login screen is a hard-coded path that cannot be modified. I do believe it would be quite simple for WordPress to allow a custom path.” I cannot agree with you more. The fact that the login screen is a hard-coded path – the /wp-admin – and you cannot change that is, in my opinion, easing the work of hackers that are trying to get into your blog. Thanks for writing this article, there are many things with which I agree very much, Douglas.

  3. 3
  4. 5

    “…the biggest benefit of WordPress has always been the 1-click install”. You don’t really mean that, do you? I TOTALLY agree with the rest of the article, though, and especially agree that it falls on us as agencies, hosting companies and developers to do a better job of securing the (free) CMS that’s made us all so much money in the last 10 years.

    • 6

      The 1-click installation and continued ease of maintenance are absolutely what’s exploded the growth of WordPress. I’m not saying that’s the only benefit – there are hundreds more. But there are plenty of other free CMS systems out there that lacked the simple installation that WordPress did… when people couldn’t configure them, they dropped them.

      • 7

        I get what you’re saying, but 1-click isn’t a WordPress feature, it’s a hosting account feature. WP is famous for its 5 minute install, not its 1-click install. A 5 minute install that allows you to pick a username ever since version 3.0. Hosts could easily change the WP 1-click Install script to make the admin username more secure.

        WP has blown up because the community supporting it reached critical mass, something other CMS failed to do. Ease of installation and on-going maintenance definitely played an important role in that, but there are a number of factors that have had a far larger impact than that (e.g. the advent of custom post types).

        Another point to make is that there aren’t 90,000 hackers out there trying to break into known WP installs. That’s a bit of a misrepresentation. 90,000 IP addresses isn’t nearly the equivalent of 90,000 hackers, who could easily do a heck of a lot more damage than a botnet.

        Overall, I agree with what you’re saying. We have to take steps to secure WP if we’re going to offer it up as a solution to our clients. Getting your WP Install hacked and blaming it on the core product is like getting a virus on your PC and blaming it on Microsoft’s lack of security. We need to be careful or we’re going to end up with security options we don’t want added to the base product.

  5. 8
