That just sounds like poorly coded/rendered websites. TTFB is not the cause of that issue. It's a metric which has more to do with server response time than content rendering.
Upvote
0
Which back end for our website?
- Thread starter eteb3
- Start date
There is no such thing as "properly coded" Wordpress website. Its whole architecture is flawed at the very base. You cannot fix it, its a massive bowl of spagghetti, unless you dump it and start coding it from scratch. If you want to see a "secure by design" architecture look at Laravel, compare side by side, only then you can tell the difference.
Upvote
0
But your post highlighted security issues not the code base. Two totally different things. A secure password with 2FA will be sufficient in most cases.
And whilst laraval may be a better platform the local knitting club would struggle to create a site whereas with Wordpress it’s not to difficult to get started.
And very few people ever concern themselves with the architecture of anything webby.
Upvote
0
See this is the problem most people have. Because they have not worked on developing plugins, or changing the code themselves, they do not really know how Wordpress code works underneath.
People wrongly assume the password is the most important thing. While actually it is not. You may have the best password and the nicest 2FA enabled. Still you protect only the login aspect of the site.
Let me make it easy for you to understand. The way Wordpress is setup every file in Worpress is public. They are like doors. And some of these doors are opened. Especially the plugins. Wide opened and not locked.
Upvote
0
As a plugin developer whose recent submission has been accepted I can assure you plugins are now far more secure.
Two of my site are bombarded with attacks, thousands every day. So far they have resisted all those attacks. So I’m not so sure your assertions are valid.
Of course there will be multiple breaches of security. But that’s more to do with lax security and configuration by both site owners and developers.
Two of my site are bombarded with attacks, thousands every day. So far they have resisted all those attacks. So I’m not so sure your assertions are valid.
Of course there will be multiple breaches of security. But that’s more to do with lax security and configuration by both site owners and developers.
Upvote
0
As a Zend Certified Engineer myself, I can asure you the plugins in Wordpress today are as insecure as they have always been. Just see the hundreds of vulnerabilities in plugins found this year (2024), ranging from SQL injection to remote file inclusions: https: //www.wordfence.com/blog/2024/06/wordfence-intelligence-weekly-wordpress-vulnerability-report-may-27-2024-to-june-2-2024/
> Two of my site are bombarded with attacks, thousands every day.
Your Wordpress sites are bombarded with attacks, not every day but every second literally. And the reason is Wordpress is easy target, many open doors, not locked.
> But that’s more to do with lax security and configuration by both site owners and developers.
Its easy to blame site owners and developers. Yet I have not seen a single Laravel website breached.
Upvote
0
Old plugins. All new plugins are far more secure.
And whilst Laravel may be far more secure, building a website needs specialist skills. Your average small business is going to choose the easy option.
I understand what you are saying but for most WordPress does the job. That's not going to change for a long time. Maybe not ever until other platforms make it as easy to install and build a site.
Upvote
0
Hi there,
WordPress is still the way to go as it's the strongest platform out there. Now you can find fault with anything but you will usually find 'less fault' with WordPress.
Once something better comes out all the developers will move to it but as yet - nothing has overtaken it.
I've never heard of Framer, Squarespace is okay but WordPress is just so much more robust and it's still the 'market' really.
Upvote
0
You see I find this odd as I've been developing with WordPress for 11 years and NEVER had a site hacked. It's just of the millions out there those who put the admin as admin and password as password will be in trouble.
However, if you take care you will be fine. Laravel is great and all but they don't get hacked as much as they don't index as well for SEO, are not as easy for bots to identify (which is true) but also, there are less of them out there and hackers are smart - they go where the market is largest.
Using Laravel though, when and if a client leaves a developer then the likeyhood is for others to take it over then it's expensive or people will simply say you need to start again.
Upvote
0
I've had the opportunity to clean numerous infected WordPress sites over the years. As such, I highly doubt that your WordPress security has been impeccable for 11 years without any issues. It's more likely that someone else is managing the security for you, or you might not even be aware that your website is infected, which is a serious concern. Not all infections are easily noticeable to the human eye.
Upvote
0
What do you mean it does not need a developer?
It needs someone to setup a server, install PHP, install database, download Wordpress, unpack it. Install it. Apply all the security measures. Regularly check for infections. Apply updates to Worpress and plugins. Update the server with the latest security updates.
This is all development work.
Its best to go with something free/managed like a FB page.
Upvote
0
Nope. You login to your hosting and click the button that says ‘install Wordpress’ almost all of them have this built in as standard. Updates can all be automated.
Many hosts have a ‘host Wordpress’ option in their registration process. They do everything for you.
Or even use the free Wordpress.com option.
Upvote
0
This is the worst possible case. Shared hosting. Almost all infected Wordpress installations I have had to fix were on shared hosting. The reason is they are cramping all possible users in one server to save costs. But are not able to effectively jail these users to their own server accounts. One jailbroken account usually infects all the other accounts on the server. So even if your Wordpress installation is nice and secure, with strong password, 2FA, no external plugins, and everything correct, you still get infected.
Upvote
0
Shared hosting is used by almost everyone. And they are not cramped together as they used to be. Things have moved on a lot.
It still doesn’t change the fact that you don’t need a developer to install Wordpress. And for most small businesses that’s good enough reason to use Wordpress over Laraval or many other platforms.
It still doesn’t change the fact that you don’t need a developer to install Wordpress. And for most small businesses that’s good enough reason to use Wordpress over Laraval or many other platforms.
Upvote
0
I highly doubt it has changed a lot, it is probably even worse now.
When a very small VM costs $3 and it works just for you its difficult for them to compete with price.
This is why they had to reduce prices to $1 and under to stay competitive.
Which is why I would only assume the density of people on the servers have gotten bigger.
However I do agree with you, its very convenient. When I was young and unexperience developer all I had to do was to click a button in CPanel, and MySQL, emails and Worpress was up and running. Slow, cluncky, insecure, but I was happy, becase I did not know better at the time.
When a very small VM costs $3 and it works just for you its difficult for them to compete with price.
This is why they had to reduce prices to $1 and under to stay competitive.
Which is why I would only assume the density of people on the servers have gotten bigger.
However I do agree with you, its very convenient. When I was young and unexperience developer all I had to do was to click a button in CPanel, and MySQL, emails and Worpress was up and running. Slow, cluncky, insecure, but I was happy, becase I did not know better at the time.
Upvote
0
Latest Articles
-
Should you crowdfund? A framework for UK founders in 2026Three articles into a series on what crowdfunding actually costs, the...- Ozzy
- Updated:
-
The polls, the reframing, and the billion dollarsHow three letters from the early years of Star Citizen's development...
- Ozzy
- Updated:
-
The values trap: what the Punks actually ownedWhy BrewDog's Equity for Punks investors were structurally locked out...
- Ozzy
- Updated:
-
When belief is the business modelWhat BrewDog's collapse and Star Citizen's billion-dollar climb are...
- Ozzy
- Updated:
-
AI, Virtual Influencers and the Copyright Minefield: What Entrepreneurs Need to KnowI'll be upfront: this article was written with the assistance of an AI...
- Ozzy
- Updated: