
Discussion on: Why wordpress?

Taufik Nurrohman • Edited

> Security for the core is great, however I've heard that there are issues with some plugins and that this would be the main source of a security issue?

Your computer operating system is secure, but the software that you have installed isn’t. The operating system might have its own secure and closed API, but the external software that depends on the operating system may still be able to use the parent language that is more raw.

WordPress has its own secure and closed API, but every plugin is still able to use the parent “language” of WordPress, that is, PHP.

> At what stage would you not consider WordPress for a project?

IMO, any project that does not contain blog posts.

Fraser McTaggart

Correct me if I'm wrong, as I haven't created a plugin for WordPress. But plugins can be created and submitted quickly and easily, judging by the comments below. They can then be installed easily and without thought, by users that don't know the implications. Perhaps giving plugins unregulated access to server-side code isn't ideal?
The list of vulnerabilities and exploits is pretty extensive for WordPress plugins - surely there must be a better way?

Taufik Nurrohman • Edited

> They can then be installed easily and without thought, by users that don't know the implications.

You can install a plugin with a syntax error in it and then just get a blank screen.

> Perhaps giving plugins unregulated access to server-side code isn't ideal?

It’s your web hosting provider’s duty.

> Surely there must be a better way?

Just keep it up to date, and follow the support forums related to the plugin. Security holes sometimes come from old plugins that are no longer updated (but you don’t know and just install it anyway).

Using official plugins or paid plugins must be better (since you could easily complain about things).