andrew-cooper

OK, many thanks Michael.

OK – many thanks for that and for the links, Michael.

Thanks Craig – I’ve just figured out how to do this: you make the page to which the home page is a sub page ‘private’.

Have just added your blog to my favourites: used to fly gliders myself, see a few posts at https://www.mindworksblog.com (this isn’t the site I’m working on.)

Ah, many thanks.

Thanks useshots and gangleri. I’ve actually persuaded the organisation in question to use WP for another smaller website – it’s related to a project they are running. The real problem is that they didn’t have time to think properly when they were evaluating the bids to rebuild their main website – and because of that they didn’t ask questions like this.

I sat down with them and said ‘Now, this WP security thing..yeah, its vulnerable, but so is everything else and WP are a big, multi-million dollar organisation who are very keen to ensure they stay that way, so they’re very keen to keep their system secure..you remember the https://www.westberks.gov.uk incident? … well the lesson from that is that whichever path you choose, you need to stay on your toes..’

They said, ‘Well, all that seems to make sense…ok, let’s do it’. Happy ending. I hope.

I have 14 WP sites registered, 3 of them are very active and I’ve been using WP for 3 years without being hacked and without even receiving any sucessful comment spam. It’s not me that’s worried: my original posts here were from the client’s point of view.

Well, thanks again whoami. We all construct our own realities.

I think you’re getting a little over excited. There isn’t ‘that much anxiety’. What there is is an organisation I know which doesn’t know much about the web but wants a new website. Someone has persuaded them not to use WP by saying that WP based sites are much more vulnerable to attack than other sites.

The organisation in question knows very well that all websites are vulnerable. This one – https://www.westberks.gov.uk, which is owned by another similar organisation in our area, was the subject of a serious attack one weekend a couple of years ago when it was diverted onto a page in Eastern Europe). Thankfully it was a rather innocuous ‘Hey look what we did!’ page but it could easily have been otherwise. The issue is not either/or, website or no website, is it? I’m sure you understand that. But as you think this is a useless discussion I guess you’re not reading this, and that’s fine too.

If you’d like to comment on the issues that raises for WP, great, but it’s pointless commenting on how useful or otherwise this discussion is for you. You live in your world and, thankfully having seen your photos of St Pauls, I live in mine. I seriously hope things over there improve soon. Frankly, the way things are going, that’s unlikely.

Ah, I think I can see why you’re confused whoami. Didn’t spell it out for you – what I should have said was ‘examples of any sites that have been hacked successfully’, not the actual hacks themselves. Apologies. Know of any, particularly high profile ones?

Examples, whoami, because if the outfit that’s persuaded the organisation that prompted all this not to go with WordPress because it has security vulnerabilities were able to give them actual examples …. do I really need to finish this sentence?

My question may seem bizzare to you but one of the WP sites I run is for the parents’ association I chair at my son’s school. If it was hacked by a pornographer it would be bad news. Can you see that?

Thanks Otto: useful points.

As a non-techie (although I’m not completely illiterate) that’s not what I wanted to hear. Essentially you are saying that WordPress is much more vulnerable to hacking than, say, a site built in good old, old fashioned, HTML, right? Avoiding WP and other PHP based platforms would be a good idea if you are concerned, say, about pornographers substituting their images for yours?

If so, this is not good news. Examples of actual hacks, anyone?