[Ilugc] do you need a CMS?
- From: vkanakala@xxxxxxxxx (Vamsee Kanakala)
- Date: Thu Sep 10 14:08:48 2009
pavithran wrote:
Unfortunately web apps can never be secured . There would be some
vulnerability popping up . I think this is not the case of wordpress
alone .
Sure, you cannot make them completely air-tight, but you can ensure a
_reasonable_ amount of security if you architect a webapp properly,
ensure you have proper test coverage and take basic security
precautions. But, as I said, the web framework you are using plays a big
role in helping you achieve those goals.
<assumption>
WP has a huge customer base hence will have lot of bugs .. may be the
user vs contributor ratio plays a major role for
testing,reporting,designing and developing the WP .
</assumption>
I hope I answered this as part of reply to Prem's mail.
I would like to know the issues you faced with it . Did you file a bug report
?
Anyways maybe a different thread in this mailing list would be fine .
Basically a vulnerability with xmlrpc.php that ships with all WP
installs (it was repoted by then) - somebody took advantage of a
vulnerability, was able to write some perl scripts to the /tmp directory
and was happily using the vps as a dumping/sharing site for some pirated
software. This was years ago, when I didn't know too much about sysadmin
stuff.
Luckily, the hosting provider Bytemark, found the problem and that led
me to a long round of learning about firewalls, iptables, etc. Since
then I immediately delete xmlrpc.php in every fresh WP install/upgrade I
do (yes, I wish I could get rid of a legacy WP install I have and move
it elsewhere, but right now it has tons of data and quite a chore to move).
Vamsee.
Other related posts:
