Is wordpress any good?
- Thread starter QuickHomeBuyers
- Start date
F
Faevilangel
For free wordpress theme > http://wordpress.org/extend/themes/
For wordpress contact form & captcha download these plugins
Contact 7 -http://wordpress.org/extend/plugins/contact-form-7/
Simple Captcha - http://wordpress.org/extend/plugins/simple-captcha/
For wordpress contact form & captcha download these plugins
Contact 7 -http://wordpress.org/extend/plugins/contact-form-7/
Simple Captcha - http://wordpress.org/extend/plugins/simple-captcha/
Last edited by a moderator:
Upvote
0
M
MASSEY
They are a bit irritating to set up but for a site they are ok, they just arent very unique as a bunch of people are using them,
I saw a few on here that caught my eye www.templatemonstor.com
They are pretty cheap.
I saw a few on here that caught my eye www.templatemonstor.com
They are pretty cheap.
Upvote
0
Wordpress is great. If you are able to install it yourself (It is very easy) then it is a cheap way to have an immediately very powerful website.
It has its downsides in terms of complicating the addition of bespoke features and being more complicated to style. It depends what you need really.
It has its downsides in terms of complicating the addition of bespoke features and being more complicated to style. It depends what you need really.
Upvote
0
F
Faevilangel
General html, but you would need to upload the image to the server in the theme file so would be
domain.com /wp-content/ themes/ theme-name/ images/ logo.png
Then create the following html / php to add it to the site
Code:
<a href="<?php bloginfo('url'); ?>" title="<?php bloginfo('name'); ?>">
<img src="<?php bloginfo('template_directory'); ?>/images/logo.png" alt="<?php bloginfo('name'); ?>" />
</a>Remember to upload it into the theme file and the images file inside that
Last edited by a moderator:
Upvote
0
F
Faevilangel
Wordpress creates it's own code so you need to know how to "hack" the code or just find the code and copy the classes / Id's
Upvote
0
M
Magsite
Here's a few wordpress sites I've been involved with, both different simply by changing the theme! Jumbo Jungle Junior VIPs Domestic Violence Charity Credit Card
Upvote
0
V
VeryMark
Our whole website (www.verymark.info) was built using Wordpress, it has around 45 pages now.
It's like anything else though, you get out what you put in.
It's like anything else though, you get out what you put in.
Upvote
0
V
VeryMark
There's a program called Artisteer you can use to generate your own Wordpress themes.
Upvote
0
Yes you can. Here's how to do it: http://geeksaresexy.blogspot.com/2006/06/installing-wordpress-locally-under.html
Follow the instructions exactly or it won't work
Upvote
0
Wow, I'm a bit surprised to see so many glowing references to Wordpress without any mention of the potential danger - there have been serious security holes with Wordpress that allow hackers access to your site.
My site is reguarly visited by hacking robots trying to find the Wordpress logins looking to expose the security hole - fortunately I don't use Wordpress, but another friend of mine did... he also works in IT and is pretty street-savvy on these things but he used Wordpress not knowing about these problems. Within 2 weeks his site had been accessed and used as a server for a phishing site. His hosting company closed off his site, Google blacklisted his shiny new domain and his new business which was due to launch that week had to be delayed for weeks until the hosting company fixed their Wordpress and he got Google to unblock his site.
I have no opinion on how good Wordpress is to use, but make sure you're hosting with a safe company who are aware of the danger and running hacker-proof setups. If you ask them and they don't even know about it, you might want to think twice about who you are trusting your business with!
My site is reguarly visited by hacking robots trying to find the Wordpress logins looking to expose the security hole - fortunately I don't use Wordpress, but another friend of mine did... he also works in IT and is pretty street-savvy on these things but he used Wordpress not knowing about these problems. Within 2 weeks his site had been accessed and used as a server for a phishing site. His hosting company closed off his site, Google blacklisted his shiny new domain and his new business which was due to launch that week had to be delayed for weeks until the hosting company fixed their Wordpress and he got Google to unblock his site.
I have no opinion on how good Wordpress is to use, but make sure you're hosting with a safe company who are aware of the danger and running hacker-proof setups. If you ask them and they don't even know about it, you might want to think twice about who you are trusting your business with!
Upvote
0
Agreed!
When choosing passwords use as much of the keyboard as you can, Letters, Numbers, symbols, upper / lower case. Write down the password on a Piece of PAPER. Not one of these "password vault things"
Security holes are often closed very quick if and when they arise.
There certainly wouldn't be "22 million WordPress publishers as of February 2010" If it was a huge risk
When choosing passwords use as much of the keyboard as you can, Letters, Numbers, symbols, upper / lower case. Write down the password on a Piece of PAPER. Not one of these "password vault things"
Security holes are often closed very quick if and when they arise.
There certainly wouldn't be "22 million WordPress publishers as of February 2010" If it was a huge risk
Last edited:
Upvote
0
T
The Ville
Wordpress is OK, but you need to keep the software updated and there is an issue with uploading images and other media.
Some people are not familiar with the way servers need to be set up for Wordpress (even some hosting companies have problems understanding the issues).
Basically you have to be sure that the permissions on the folders that hold the images are secure, whilst at the same time the hosting company has to change the user of the folder. Once these are set correctly then images can be uploaded securely using Wordpress.
If it isn't done correctly then the site can be hacked and it will probably be hacked quite quickly (within days or weeks).
The alternative for uploading images other than Wordpress is to use an FTP programme. By doing this, the folders still need secure permissions, but the user of the folder doesn't have to be changed by the hosting company (or any other configuration they may do to achieve a similar result).
The design and layout of a Wordpress site can be created from scratch (quite hard) or you can download a template and modify it (easier, mainly editing of the CSS and graphics).
Any piece of generic software like Wordpress or Joomla will be targeted by hackers because the software is widely distributed. Hence the hackers think that if they find one flaw to exploit, they can attack thousands of sites.
Some people are not familiar with the way servers need to be set up for Wordpress (even some hosting companies have problems understanding the issues).
Basically you have to be sure that the permissions on the folders that hold the images are secure, whilst at the same time the hosting company has to change the user of the folder. Once these are set correctly then images can be uploaded securely using Wordpress.
If it isn't done correctly then the site can be hacked and it will probably be hacked quite quickly (within days or weeks).
The alternative for uploading images other than Wordpress is to use an FTP programme. By doing this, the folders still need secure permissions, but the user of the folder doesn't have to be changed by the hosting company (or any other configuration they may do to achieve a similar result).
The design and layout of a Wordpress site can be created from scratch (quite hard) or you can download a template and modify it (easier, mainly editing of the CSS and graphics).
Any piece of generic software like Wordpress or Joomla will be targeted by hackers because the software is widely distributed. Hence the hackers think that if they find one flaw to exploit, they can attack thousands of sites.
Last edited by a moderator:
Upvote
0
"Tosh" indeed. I'm afraid these replies are indicative of the complacency and lack of understanding that causes so many problems on the internet - the issue with Wordpress was widely publicised including on their own site:
http://wordpress.org/development/2009/08/2-8-4-security-release/
It really doesn't matter how quickly something like this is fixed at source, the bug itself was already present in versions installed and available around the world. If you think that the tens of thousands of web hosting companies around the world have nothing better to do than sit and monitor dozens of software providers checking for security holes, and then patching them immediately outside of working hours, you can have no idea of how large-scale IT infrastructure maintenance works in the real world. Meanwhile, hackers run bots to roam around the internet and exploit the holes - in this case there was no way to even know the phishing site was being hosted without checking hidden directories and logs, hardly obvious enough for hosting companies to notice until complaints come in.
In the case I mentioned above, the hosting company was UK2.NET - I suspect they have/had rather a lot of sites that were subsequently exposed to this issue, and I suspect that an awful lot more hosting companies had the same issues. Providing fixes to bugs and updates to software does not ensure end-users install them, that's why 18% of browsers are still running ropey old IE6 with all of their problems!
http://wordpress.org/development/2009/08/2-8-4-security-release/
It really doesn't matter how quickly something like this is fixed at source, the bug itself was already present in versions installed and available around the world. If you think that the tens of thousands of web hosting companies around the world have nothing better to do than sit and monitor dozens of software providers checking for security holes, and then patching them immediately outside of working hours, you can have no idea of how large-scale IT infrastructure maintenance works in the real world. Meanwhile, hackers run bots to roam around the internet and exploit the holes - in this case there was no way to even know the phishing site was being hosted without checking hidden directories and logs, hardly obvious enough for hosting companies to notice until complaints come in.
In the case I mentioned above, the hosting company was UK2.NET - I suspect they have/had rather a lot of sites that were subsequently exposed to this issue, and I suspect that an awful lot more hosting companies had the same issues. Providing fixes to bugs and updates to software does not ensure end-users install them, that's why 18% of browsers are still running ropey old IE6 with all of their problems!
Upvote
0
Great, I'm sure UK2.NET et al's out-of-hours support teams jump to it every time something is available
There is something called platform stability.I don't think you'll find (m)any hosts that allow you to install and update your own versions of software on their boxes, not unless you are paying for dedicated hosting on a standalone server for a few grand per annum.
Upvote
0
But it's not just wordpress. Any site with lax security can be hacked. Set up a contact form with no sanitisation, a CMS with easy to remember passwords, a site with multi-user access, even access to the directory structure all give hackers an opportunity to break in.
Then as you say there is the user who has a old browser, no firewall, keeps all their passwords in a file called passwords and happily downloads screensavers and the like from iffy eastern european sites.
Most ISPs get walloped at some time or another usually due to stupid site owners making it easy for the hackers and associated scriptkiddies.
Upvote
0
D
Dawg
If you are worried about WP security you can use easily accessible plugins to harden the site up.
Secure-Wordpress
Ask Apache Password protect
Use a prefix changer.
I find a good password and updates are fine. Remember to update the plugins as well as the WP install.
Details in the WP codex, (as usual, as it's a good bit of well backed kit).
Some hosts are better than others at dealing with WP. I know of an otherwise excellent host whose system is set up making updates so slow they time out, and who needs manual permission changes if you FTP anything. I find Vidahost excellent for WP, and run 20+ WP sites through them.
Secure-Wordpress
Ask Apache Password protect
Use a prefix changer.
I find a good password and updates are fine. Remember to update the plugins as well as the WP install.
Details in the WP codex, (as usual, as it's a good bit of well backed kit).
Some hosts are better than others at dealing with WP. I know of an otherwise excellent host whose system is set up making updates so slow they time out, and who needs manual permission changes if you FTP anything. I find Vidahost excellent for WP, and run 20+ WP sites through them.
Upvote
0
F
Faevilangel
Great, I'm sure UK2.NET et al's out-of-hours support teams jump to it every time something is available
I don't think you'll find (m)any hosts that allow you to install and update your own versions of software on their boxes, not unless you are paying for dedicated hosting on a standalone server for a few grand per annum.
99% will
That's why hosts give you access to Cpanel and FTP You're just spouting crap, wordpress is one of the most stable platforms around with 22 million users. No one just uses a platform, it needs to perform as well.
I run 6 wordpress sites personally and on average of 15 clients sites, and never had ANY security issues. As long as the site is updated and you fix the basic security then you will be fine.
1) Go into phpmyadmin and delete the admin user
2) Set up a new user with a less obscure name e.g. paul-admin
3) Use this plugin to stop people guessing the passwords
4) Install this plugin to only allow admins and editors into the wp-admin loigin page
There are numerous ways to improve wordpress but just updating wp to the latest version will be enough
Upvote
0
Yes we all know insecurities and issues, and the weakest link in a chain and all that - it's not just Wordpress I agree, but in their case there was a major bug that went worldwide and resulted in people's sites being used for phishing and blacklisted on Google. That was down to a combination of Wordpress poor testing and hosting sites ignorance and lack of responsiveness.
Hence, in terms of somebody asking whether Wordpress is any good, a suitable warning about these issues is entirely appropriate - it's a simple question to ask the hosting company and they should be able to answer it. Why would it be bad to explain this and encourage people to understand the issues and risks?
Yes, but not as often due to major flaws in security issued by a popular software package eh.
Upvote
0
99% will
As long as the site is updated and you fix the basic security then you will be fine.
1) Go into phpmyadmin and delete the admin user
2) Set up a new user with a less obscure name e.g. paul-admin
3) Use this plugin to stop people guessing the passwords
4) Install this plugin to only allow admins and editors into the wp-admin loigin page
There are numerous ways to improve wordpress but just updating wp to the latest version will be enough
Have you ever heard the phrase "division of labour"? The *average* Wordpress user would have absolutely no idea what any of that means, any neither should they need to. The people who need to handle the issues are Wordpress themselves and the hosting companies - Wordpress have already shown their security testing is lax, and hosting companies are often pretty damn crap. Hence it is sensible for anyone looking into Wordpress to have something simple they can check about without just assuming they can Google for "Wordpress web hosting" and merrily continue on their way.
Yes of course I am, 25 years in the industry including anti-virus and hacking and I'm just making it all up for fun.
Your sites are not 100% safe, and open source projects are amongst the least secure and flakey pieces of software you can find - hope that helpsIf I am wrong tell me
Upvote
0
F
Faevilangel
Anyone who knows how to sign into wp, will see the "update wordpress" option when it glows yellow.
Wouldn't suprise me, the only wp blogs that get hacked are ones that don't update them. It's not upto a host to do it as they will have hundreds or thousands of wp blogs on their servers.
Your sites are not 100% safe, and open source projects are amongst the least secure and flakey pieces of software you can find - hope that helps
How many actually get hacked? Open source means anyone can see the source code, so some one is going to try and hack it. No code is unhackable, as long as you keep wp updated, it will be fine.
My sites have never been hacked, I use WP and I keep it updated.
Upvote
0
Groan, you just don't seem to understand the risks and the causes. I think we will have to just agree to disagree since you seem to think the world needs to sit at their PCs monitoring that button all day to prevent hackers accessing their sites and servers - has it ever occurred to you that the "I must update to the latest version at any cost" mentality is exactly what put the major security bug out there in the first place? Are you ready to press that button all through the night in case someone finds another bug? Do you think people find and fix the bugs and make the fixes available worldwide instantaneously?
Oh well.
Upvote
0
F
Faevilangel
Duh of course not... When you login to WP it tells you if an update is available which is not very often. Upgrading to the latest version is the best way to secure your site. If you really are scared about the "security of open source software" then get a custom solution made.
I have had NO wp issues nor has any client, As long as you keep it updated, it shouldn't have any issues.
Upvote
0
Upvote
0
Of course nothing is 100%, I've said as much above, but also as I said above Wordpress (like many other open source projects) have been shown to have lax testing with regards to security, and *more importantly* many web hosting companies are unaware of the issues - hence my original point to check it out.
Because that's not what he's saying - he's saying every Wordpress user should just blindly update when a new version is available and hence there is no problem in the Wordpress world. This is not sensible advice to resolve the potential issues since (a) most users will not have access and/or not understand what that means, and (b) the "update straight away" mentality makes you more susceptible to these bugs. This is, after all, why there are beta testers, why people don't install XP service packs for a looooong time to ensure there are no others issues introduced, and - no doubt - why those people who installed the broken version of Wordpress mentioned above, wished they had just waited until it had been tried and found to be flawed by other users first.
If for example, you know Honda had safety flaws in some of their cars, do you not think it would be sensible to know which models to check for which flaws before you buy? Or do you take Faevilange's attitude which is to not worry about it, buy the car without checking the model or whether the known fault has been fixed, and happily drive it down the motorway with your kids in the back... but make sure you take the car back if they send you a letter advising there's a safety issue? After all, Honda sell lots of cars so they must be safe and his Honda has never gone wrong...
Upvote
0
F
Faevilangel
Upvote
0
Latest Articles
-
What Carphone Warehouse, Microsoft and Uber Have in Common: They Started in a DownturnThere's a comforting myth that you need a booming economy to start...- Ozzy
- Updated:
-
What Makes a Small Business Actually Sellable?There's a question that a lot of small business owners never think to...
- Ozzy
- Updated:
-
Why Your Team Keeps Asking the Same Questions (And What to Actually Do About It)Every small business owner knows the moment. You're halfway through...
- Ozzy
- Updated:
-
At What Point Do Courier Losses Just Become a Cost of Doing Business?If you sell physical products online, you already know the feeling. You...
- Ozzy
- Updated:
-
What I Wish I'd Known Before Using AI in My BusinessSomewhere between the headlines promising AI will transform everything...
- Ozzy
- Updated: