More secure than Wordpress?



So my website got hacked a while back and I've been too busy to get it back up and running. Now that I have the time, I'm looking for something secure.

1. I'll be hosting it on my own domain, so no services requiring me to use another site.

2. I want to make sure it's secure. (I realize there are no guarantees, obviously.)

3. Expected functions are expected: tags for posts, ability to search by topic, etc.

4. Here is my partially re-built site to let you know what I'm going for with the look: http://www.richardmccord.com/Better_America/Step01_Communication.html
Obviously, nothing spectacular. But it fits my theme.

5. Mobile ready. If it doesn't work right for mobile devices, it's out.

Am I still looking at using Wordpress, or is there a better option? I found that I "needed" plugins to make Wordpress sort my articles/Pages the way I wanted.

Link to comment

Thought of a static site generator like Pelican or Jekyll? Since they're plain HTML, any exploits would come down to your HTTP server alone, not any extra software.

  • Like 2
Link to comment

WordPress is a common target for hackers.  The same can be said about other open source CMS options such as Drupal or Joomla!  At the core, they are quite secure.  They start to lose their security by out of date plugins, or ones that have not been patched in a long time by the developer.

You can use some of the security plugins that help prevent SQL injections as well as other common exploits as well.  I had a WordPress based site get hacked and I did not know it all because of an injection and then the hackers put an ISO of OSX Lion in one of the plugin directories.  I did not see that or notice that until my brand new VPS hosts said I hit bandwidth within 2 days of moving them.  I cleaned that up of course and made triple sure at that point to watchdog my directory permissions, and ensure my plugins were secure and updated.

I eventually moved away from WordPress to Joomla as it did not have the granular controls I wanted for restricting content to members as Joomla does.  I inspect my logs a lot and have seen many calls still almost a year later for the directory which housed the ISO file and they subsequently fail.  My logs also show a lot of attempts at hitting the wp-content and other directories which obviously are no longer on the server since I moved to Joomla.

I do not recommend any particular CMS but only recommend that you ensure that your plugins are secure and updated, directories are secure and that you have good security plugins that are highly rated and trusted in the marketplace for each CMS.  Also, watch the security logs generated by such plugins and consider using CloudFlare to host your DNS for your site; it adds a tremendous amount of protection to your site with a lot of blocking of known hackers behind the scenes.  I use it on all of my sites now and have seen a sharp drop of hacking activity as a result.

Link to comment

Looking at your site (articles which are available now) I'd agree with The_Decryptor. It even looks like from the current design that your website visitors are not supposed to leave comments.

Link to comment

Use Wordpress and put your site behind CloudFlare. CloudFlare will help block a lot of common automated attacks, such as SQL injections. In addition, CloudFlare caches your site around the world so it loads quicker for people.

I'd also change the default user login from "admin" to something else. Use a plugin to limit login attempts so bots get locked out after so many unsuccessful logins. You will probably find a bot is hammering your /wp-admin with 1000s of login attempts a minute, trying to guess the password to the default admin account.

In general keep everything updated and don't install lots of plugins, then you should be ok.

Link to comment
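As an added example (not part of anyone's post in this thread), here is a small Python check for the two log patterns described in the replies above: many login POSTs from one address within a minute, and 404 requests for WordPress paths that no longer exist on the server. The log lines, addresses, file path and the threshold of 5 per minute are constructed assumptions; the parser expects the common "combined" access-log format.

```python
import re
from collections import Counter
from datetime import datetime

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")
WP_PREFIXES = ("/wp-content/", "/wp-admin", "/wp-includes/") + LOGIN_PATHS


def sample_lines():
    """Constructed access-log lines (documentation-range IPs, made-up paths)."""
    fmt = '{ip} - - [12/Mar/2015:10:15:{s:02d} +0000] "{req} HTTP/1.1" {st} 512 "-" "-"'
    lines = [fmt.format(ip="203.0.113.7", s=s, req="POST /wp-login.php", st=200)
             for s in range(8)]                      # bot: 8 login POSTs in one minute
    lines += [fmt.format(ip="198.51.100.4", s=s, req="POST /wp-login.php", st=302)
              for s in (10, 40)]                     # ordinary user: 2 logins
    lines += [fmt.format(ip="192.0.2.9", s=s, req="GET /wp-content/plugins/x/file.iso", st=404)
              for s in (5, 6)]                       # probes for a removed file
    lines += [fmt.format(ip="192.0.2.9", s=7, req="GET /index.html", st=200),
              "garbled line that does not parse"]
    return lines


def analyze(lines, max_logins_per_minute=5):
    logins = Counter()   # (ip, minute) -> POSTs to login endpoints
    probes = Counter()   # ip -> 404 responses on WordPress paths
    skipped = 0          # lines that did not match the log format
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            skipped += 1
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        path = m["path"].split("?", 1)[0]            # ignore the query string
        if m["method"] == "POST" and path in LOGIN_PATHS:
            logins[(m["ip"], ts.strftime("%Y-%m-%d %H:%M"))] += 1
        elif m["status"] == "404" and path.startswith(WP_PREFIXES):
            probes[m["ip"]] += 1
    brute = sorted({ip for (ip, _), n in logins.items() if n > max_logins_per_minute})
    return {"brute_force": brute, "wp_probes": dict(probes), "skipped": skipped}


if __name__ == "__main__":
    print(analyze(sample_lines()))
```

Behind CloudFlare, the first field of each log line is the proxy's address unless the web server has been set up to restore the visitor IP, so per-address counts are only meaningful once that is done.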

I'm not using a CMS at the moment. I'm using my own code to lay out the site; and no, I don't have a Comment section. If folks want to comment, they can send me a link when I get a Contact page up.

I'll check out CloudFlare. I've put Wordpress on my site twice, and both times it got hacked. Either I'm really unlucky, or someone just really hates my political views. heh

Link to comment

I wouldn't use any dynamic site tech unless you have to have multi users as well as update and categorize very often... if it's a site that doesn't get updated much at all it's best to use a standard HTML based page and skip out of having sec. issues.

Also +1 for CloudFlare. Been with them since the beginning and they've been solid.

Link to comment

I don't think blog software like Wordpress makes any sense at all, why regenerate the page on each load when the content hasn't changed? The fact that you need plugins to stop it seems dumb. Take the Wordpress admin UI and bolt it onto a static site generator and you'd have something nice.

Even comments these days can be handled by stuff like G+ comments, Disqus or my favourite, Echochamber.js.

  • Like 2
Link to comment

I've been using CloudFlare for a few years now.  They now offer flexible SSL on their free tier which is a good plus.  But I can tell you that it does speed things up loading-wise and also it blocks many hackers all the time.  The only downside to using them is you lose visitor IPs by default unless you modify Apache headers which they tell you how to do or a simple search online as well.

Link to comment

This topic is now closed to further replies.