Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "wordpress security"
-
Dear self proclaimed wordpress 'developers/programmers', kindly go fuck yourself.
I'm not talking about wordpress devs/designers who don't claim to have a better skillset than they have and are actually willing to learn, those are very much fine.
I'm talking about those wordpress people who claim that they're developers, programmers or whatever kind of bullshit which they're obviously not.
"A client's site crashed, you have to fix it!!!!!" sorry, come again? It's YOUR client's site. It's hosted on our hosting platform meaning that WE are responsible for KEEPING THE SERVERS UP AND FUNCTIONING.
You call yourself a wordpress 'developer' with 'programming experience' for 10 years but the second one of your shitty sites crashes, you come to us because 'it's your responsibility!!!'.
No, it's not. Next to that fact, the fact that you have to ask US why the site is crashing while you could easily login to your control panel, go to the fucking error logs and see that one of your facebook plugins crashes with a quite English error message, shows me that you definitely don't have 10 years of programming experience. And if you can't find that fucking article which tells you exactly where the motherfucking error logs are, don't come crying to us asking to fix your own fucking bullshit.
"My clients site got hacked, you have to clean it up and get it online again ASAP!!!!" - Nah, sorry, not my responsibility. The fact that you explicitly put your wordpress installation on 'no automatic updates' also doesn't help with my urge to fucking end you right now.
Add to that that we have some quite clear articles on wordpress security which you appearantly found too difficult (really? basic shit like 'set a strong fucking password' is too difficult for you?), you're on your own.
"I'm getting an error, please explain what's going wrong as soon as you can! this is a prio 1!!!!" - Nope. You were a wordpress dev/programmer right? Please act like one.
I'm not your personal wordpress agent.
I'm not your personal hacked wordpress site cleanup guy.
I'm not even a fucking wordpress professional. No, I'd rather jump off a bridge than develop wordpress bullshit for a living.
That you chose to do this, not a problem. Just don't rely on me for fixing your shit.
I'm sick of cleaning up your bullshit.
I'm done with answering your high prio tickets about bullshit which any dev could find out with just a few minutes of searching.
Oh your wordpress site isn't showing up so high in google? Yeah sure, shoot a ticket at us blaming us for your own SEO mess. I'm a fucking sysadmin, not a SEO expert.
I'm fucking done with you.
Go die in a fucking corner.18 -
Consultant: "you should deploy a website. Use wordpress and have a draft ready in a few days. It's easy."
Me: "It's a static website, a one-pager even. I think we would be better served with something light-weight without a database."
Consultant: "99% of the websites in the entire internet are powered by wordpress. It's state of the art, you should use it"
Me: 😢 "Nooo, it needs mainentance and stuff. Look, XY is much simpler. You can even version the static site with git"
Consultant: 😤
We ended up with wordpress for our static website now. I am so proud. I absolutely love wordpress. It is amazing. Now my static one-pager can have plugins, multiple users, security issues and all that. The future is now!17 -
A while ago (few months) I was on the train back home when I ran into an old classmate. I know that he's a designer/frontend/wordpress guy and I know that he'll bring anyone down in order to feel good. I also know that he knows jack shit about security/backend.
The convo went like this:
Me: gotta say though, wordpress and its security...
Him: yeah ikr it's bad. (me thinking 'dude you hardly know what the word cyber security means)
Me: yeah, I work at a hosting company now, most sites that get hacked are the wordpress ones.
Him: yeah man, same at my company. I made a security thing for wordpress though so we can't get hacked anymore.
Me; *he doesn't know any backend NOR security..... Let's ask him difficult stuff*
Oh! What language did you use?
Him: yeah it works great, we don't get hacked sites anymore now!
Me: ah yeah but what language did you use?
Him: oh it's not about what language you use, it's about whether it works or not! My system works great!
Me: *yeah.....right.* oh yeah but I'd like to know so I can learn something. What techniques did you use?
Him: well obviously firewalls and shit. It's not about what techniques/technology you use, it's about whether it works or not!
That's the moment I was done with it and steered the convo another way.
You don't know shit about backend or security, cocksucker.16 -
This rant is a confession I had to make, for all of you out there having a bad time (or year), this story is for you.
Last year, I joined devRant and after a month, I was hired at a local company as an IT god (just joking but not far from what they expected from me), developer, web admin, printer configurator (of course) and all that in my country it's just called "the tech guy", as some of you may know.
I wasn't in immediate need for a full-time job, I had already started to work as a freelancer then and I was doing pretty good. But, you know how it goes, you can always aim for more and that's what I did.
The workspace was the usual, two rooms, one for us employees and one for the bosses (there were two bosses).
Let me tell you right now. I don't hate people, even if I get mad or irritated, I never feel hatred inside me or the need to think bad of someone. But, one of the two bosses made me discover that feeling of hate.
He had a snake-shaped face (I don't think that was random), and he always laughed at his jokes. He was always shouting at me because he was a nervous person, more than normal. He had a tone in his voice like he knew everything. Early on, after being yelled for no reason a dozen of times, I decided that this was not a place for me.
After just two months of doing everything, from tech support to Photoshop and to building websites with WordPress, I gave my one month's notice, or so I thought. I was confronted by the bosses, one of which was a cousin of mine and he was really ok with me leaving and said that I just had to find a person to replace me which was an easy task. Now, the other boss, the evil one, looked me on the eye and said "you're not going anywhere".
I was frozen like, "I can't stay here". He smiled like a snake he was and said "come on, you got this we are counting on you and we are really satisfied with how you are performing till now". I couldn't shake him, I was already sweating. He was rolling his eyes constantly like saying "ok, you are wasting my time now" and left to go to some basketball practice or something.
So, I was stuck there, I could have caused a scene but as I told you, one of the bosses was a cousin of mine, I couldn't do anything crazy. So, I went along with it. Until the next downfall.
I decided to focus on the job and not mind for the bad boss situation but things went really wrong. After a month, I realised that the previous "tech guy" had left me with around 20 ancient Joomla - version 1.0 websites, bursting with security holes and infested with malware like a swamp. I had never seen anything like it. Everyday the websites would become defaced or the server (VPN) would start sending tons of spam cause of the malware, and going offline at the end. I was feeling hopeless.
And then the personal destruction began. I couldn't sleep, I couldn't eat. I was having panick attacks at the office's bathroom. My girlfriend almost broke up with me because I was acting like an asshole due to my anxiety issues (but in the end she was the one to "bring me back"(man, she is a keeper)) and I hadn't put a smile on my face for months. I was on the brink of depression, if not already there. Everyday I would anxiously check if the server is running because I would be the one to blame, even though I was trying to talk to the boss (the bad one was in charge of the IT department) and tell him about the problem.
And then I snapped. I finally realised that I had hit rock bottom. I said "I can't let this happen to me" and I took a deep breath. I still remember that morning, it was a life-changing moment for me. I decided to bite the bullet and stay for one more month, dealing with the stupid old server and the low intelligence business environment. So, I woke up, kissed my girlfriend (now wife), took the bus and went straight to work, and I went into the boss's office. I lied that I had found another job on another city and I had one month in order to be there on time. He was like, "so you are leaving? Is it that good a job the one you found? And when are you going? And are you sure?", and with no hesitation I just said "yup". He didn't expect it and just said "ok then", just find your replacement and you're good to go. I found the guy that would replace me, informing him of every little detail of what's going on (and I recently found out, that he is currently working for some big company nowadays, I'm really glad for him!).
I was surprised that it went so smoothly, one month later I felt the taste of freedom again, away from all the bullshit. Totally one of the best feelings out there.
I don't want to be cliche, but do believe in yourself people! Things are not what the seem.
With all that said, I want to give my special thanks to devRant for making this platform. I was inactive for some time but I was reading rants and jokes. It helped me to get through all that. I'm back now! Bless you devRant!
I'm glad that I shared this story with all of you, have an awesome day!15 -
A CMS raping WordPress so hard up the ass till there is no tomorrow. I hate that bastardized piece of fuck. “Hey I want you to fix my page and its wordpress. I pay 20 bucks.“ Well fuck you too sir. Wordpress is no cms you wanna be coders. Get back to your fucking photoshop and design something original! Every fucking wp page looks the same. Every “nice feature“ is some kind of monkeypatched workarround. No problem i set preview pictures for every post just to enable some weird slider to function.
I also love those buttfucked files with just a “require foo“ which also just requires “bar“. Drop that fuck. Implement autoloading. Nobody uses php4 anymore step into the future. “easy to learn“ fuck me and fuck you untill you vomit jizz! Clusterfucked spaghetticode thats easy, easy to put another rotten load of clusterfuck on top. Also those security features. I put an empty index.php to prevent directory traversal. N I C E! Stop using wordpress as CMS, its a blog engine. Nothing great has every been written on top of wordpress and never will. I dare you to deny everything related to it and if you are one of those designer guyd, you can gargle my jizz you fucknut!
Starting 2017 i will start a counter and rape every 10th Wordpress which gets abused as cms i encounter into oblivion on their 0,99$ webhosting shit.
Fuck this I'm so mad about that crap17 -
Client initially requested the Wordpress server to have an easy one click way to restore from previous backups.
After setting up the auto weekly backup feature in Digital Ocean, the client wants to disable it because of the extra $1 cost it added to their $5/month hosting plan... 😒8 -
DevOps required skillset:
* Frontend engineering
* Backend services
* Database administrator
* Security consultant
* Project management
* 3rd party contract negotiator
* Build system monitor
* Build system hostage negotiator
* Paging, alerting, monitoring
* Search server admin
* Old search server admin
* Old-old-new search server admin
* Redis, ElasticSearch, MySQL, PostGres, owner
* Agile coach
* No you shouldn't do that coach
* Oh, you did that anyway coach
* DNS: (Optional) It'll replicate when it wants, and how it wants to to anyway
* Multi-Cloud deployment strategist
* Must be able to translate Klingon to YAML, and YAML to MySQL
* Cost analyzer, reducer, and justifier
* Complex documentation generation in markdown that we should have done years ago anyway
* Marketing's email went to spam analyzer
* Wordpress is broke fixer
* Where the fuck does Wordpress run anyway?
* Ability to fix MySql running Wordpress on marketing's dusty laptop7 -
Rant about devRant.
I hate to see two types of posts:
1. “Haha, i added a WordPress existing theme and charged customer XXXX EUR”, “Idiot customer, I had cross platform app and I charged for each platform”, “lol, they wanted to negotiate the payment, I connected to backdoor and shutdown down their servers”
2. “Why does customer not trust our estimates?” “I told him he does not need to worry about this comparability”, “they are asking about security of the hardened server, are they nuts?
First you treat customers dishonestly and then expect them to trust you and rely on your expertise. Before you constantly complain about the customers - look at yourself guys.10 -
We are on a roll here people (side note, if You are joining the site, thank you but if you are using disposable email accounts at least wait for the verification code to arrive to said account):
So our most well know and belowed CMS that brings lots of love and feels to those that have to (still) deal with it, had some interesting going on:
Oh Joy! "Backdoor in Captcha Plugin Affects 300K WordPress Sites", well arent You a really naughty little boy, eh?
https://wordfence.com/blog/2017/...
Remember that "little" miner thingy that some users here has thought about using for their site? Even Yours truly that does make use of Ads Networks (fuck you bandwidth is not free) even I have fully condenmed the Miner type ads for alot of reasons, like your computer being used as a literal node for DDoSing, well... how about your "Antivirus" Android phone apps being literally loaded with miner trojans too?
https://securelist.com/jack-of-all-...
"When You literally stopped giving any resembles of a fuck what people think about Your massive conglomerate since You still literally dominate the market since alot of people give zero fucks of how Orwellian We are becoming at neck-breaking speed" aka Google doesnt want other webbrowsers to get into market, Its happy with having MemeFox as its competitor:
https://theregister.co.uk/2017/12/...
Talking about MemeFox fucking up again:
https://theregister.co.uk/2017/12/...
And of course here at Legion Front we cant make finish a report without our shitting at Amazon news report:
"French gov files €10m complaint: Claims Amazon abused dominance
Probe found unfair contracts for sellers"
More News at:
https://legionfront.me/page/news
And for what you may actually came and not me reporting stuff at Legion's Orwell Hour News™ ... the free games, right?:
Oxenfree is free in GoG, its a good game, I played like 2 months after its release and I think I heard they wanted to make a Live Action movie or some sort of thing after it:
https://www.gog.com/game/oxenfree
Kingdom Classic is also free:
http://store.steampowered.com/app/...
Close Order Steam Key: HWRMI-2V3PQ-ZQX8B
More Free Keys at:
https://legionfront.me/ccgr4 -
First company I worked for, built around 40 websites with Drupal 7...in only a year (don't know if it's a lot for today's standards, but I was one guy doing everything). Of course I didn't have the time to keep updating everything and I continually insisted to the boss that we need more people if we are going to expand. Of course he kept telling me to keep working harder and that I "got this". Well, after a year a couple of websites got defaced, you know the usual stuff if you've been around for some time. Felt pretty bad at the time, it was a similar feeling to having your car stolen or something.
Anyways, fast forward about 2 years, started working on another company, and well...this one was on another level. They had a total of around 40 websites, with about 10 of them being Joomla 1.5 installations (Dear Lord have mercy on my soul(the security vulnerabilities from these websites only, were greater than Spiderman's responsibilities)) and the others where WordPress websites, all that ON A SINGLE VPS, I mean, come on... Websites being defaced on the daily, pharma-hacks everywhere, server exploding from malware queing about 90k of spam emails on the outbox, server downtime for maintenance happening almost weekly, hosting company mailing me on the daily about the next malware detection adventure etc. Other than that, the guy that I was replacing, was not giving a single fuck. He was like, "dude it's all good here, everything works just fine and all you have to do is keep the clients happy and shit". Sometimes, I hate myself for being too caring and responsible back then.
I'm still having nightmares of that place. Both that office and that VPS. -
So this PR company hired my firm to convert their client's Wix website to WordPress to have better control over content and SEO, not to mention get away from the piss-poor "absolute position everything" setup of Wix. This is a single page design. 2 days later, we deliver it, performing faster than Wix and with a few extra goodies on the UI.
The client's director of IT wants to stay on Wix, because it's "the most secure provider", and will only move their ONE PAGE INFORMATIONAL WEBSITE to another platform and host if they answer a 133 item "security questionnaire". Short of SSNs, they want to basically know everything, including our proprietary and confidential security practices. You aren't Google...stop acting like you are...
How are people this stupid a "director" of anything?3 -
When you resign and before you leave your coworkers ask you to help them write a job description for your replacement and you be like "MUUUUUUHAHAHAHAHAAAA! Just TRY to find THIS!" #IDoAllTheThingsundefined marketing job security wordpress seo design programming server management public relations blogger
-
Send over the entire directory for a WordPress site we completely overhauled with new plugins, custom theme, redid content with visual composer, etc. I tell him to backup his site and then put everything I give you as fresh. He tells me he can't just wipe out his entire site that's unacceptable. I ask him what's the problem? he rambles on and says a lot of words that don't really mean anything then says security. so I call him out on it, what security issues do you have? well we have users and permissions setup he says. I explain That I copied his users table over when we did the redesign, so it's the exact same stuff. so I say again, why can't we just replace everything? well that's just not acceptable he says. I ask him again, what EXACTLY is your problem with replacing the site since I already addressed your security concern. he couldn't answer me so now we have another conference call tomorrow morning with more people from their team. I'll let you know how it goes.
tldr; clients are idiots, call them out for the dumb shit they say and have no response.7 -
Going through a WordPress site that hasn't been updated in over a year. It's so severely infected that even the Wordfence and Security plugins say it's fine. So I'm going through the file structure manually.
File by file, folder by folder manually searching for infected files. This is the most tedious thing I've had to do. But I'm learning some really interesting tips. One file looked empty and I almost missed it because the code had been tabbed over a few hundred times clearing it way off the the right of the screen.10 -
Wow so much hate for WordPress. Le me to the rescue 💀
Yes WP is bloated and crappy and full of security issues etc etc. Agreed. That doesn't mean it is useless though.
It is alright to use for someone who is not really good with web, someone who just needs a blog, someone who just needs a home page, about page and contact form with a possibility of updating photo and text once or two times a month.
It is not suitable for e-commerce nor lots of transactions/forms involving websites.
As long as you know what kind of horse/vehicle you are on, you won't end up in the dirt.4 -
Conversion topic: a security feature the PM doesn't like
PM: but WordPress doesn't do this.
Me: yes but WP is hacked every couple weeks and isn't exactly a security standard!
Debate continues for 5 minutes... And I'm forced to remove the feature 😑 -
Beware: Here lies a cautionary tale about shared hosting, backups, and -goes without saying- WordPress.
1. Got a call from a client saying their site presented an issue with a third-party add-on. The vendor asked us to grant him access to our staging copy.
2. Their staging copy, apparently, never got duplicated correctly because, for security reasons, their in-house dev changed the name of the wp-content folder. That broke their staging algo. So no staging site.
3. In order to recreate the staging site, we had to reset everything back to WP defaults. Including, for some reason, absolute paths inside the database. A huge fucking database. Because WordPress.
4. Made the changes directly in a downloaded sql file. Shared hosting, obviously, had an upload limit smaller to the actual database.
5. Spent half an hour trying to upload table by table to no avail.
6. In-house uploads a new, fixed database with the help of the shared hosting provider.
7. Database has the wrong path. Again.
8. In-house performs massive Find and Replace through phpMyAdmin on the production server.
9. Obviously, MySQL crashes instantly and the site gets blocked for over 3 hours for exceeding shared hosting limits.
10. Hosting provider refuses to accept this was caused by such a stupid act and says site needs to be checked because queries are too slow.
11. We are gouging our eyeballs as we see an in-house vs. hosting fight unfold. So we decide to watch a whole Netflix documentary in between.
12. Finally, the hosting folds and enables access to the site, which is obvi not working because, you know, wrong paths.
13. Documentary finishes. We log in again, click restore from backup. Go to bed. Client phones to bless us. Client’s in-house dev probably looking for a cardboard box to pack his stuff first thing in the morning. \_(ツ)_/¯ -
Look, I get it. Wordpress sucks. It’s bloated. It’s slow. It’s not elegant. It’s a nightmare to debug and code for. The plugin ecosystem is an insecure, confusing mess of outdatedness and issues.
We can all agree that in a perfect world all power to determine everything about a website, from the code to the content, would be in our power as developers. But we don’t live in a perfect world. People want convenience, even at the cost of performance and security, and they will inevitably resent technologists who refuse to give it to them. We do ourselves and our customers a disservice when we only do what we feel is in our own best interests or preferences and not what will help them with their realities.
Yes, it sucks. Yes, it’s a pain. Yes, it’s in demand and there’s nothing any of us can do to change that.
And that’s all I have to say about that.5 -
just found out a vulnerability in the website of the 3rd best high school in my country.
TL;DR: they had burried in some folders a c99 shell.
i am a begginer html/sql/php guy and really was looking into learning a bit here and there about them because i really like problem solving and found out ctfs mainly focus on this part of programming. i am a c++ programmer which does school contest like programming problems and i really enjoy them.
now back on topic.
with this urge to learn more web programming i said to myself what other method to learn better than real life sites! so i did just that. i first checked my school site. right click. inspect element. it seemed the site was made with wordpress. after looking more into the html code for the site i concluded all the images and files i could see on the site were from a folder on the server named 'wp-content/uploads'. i checked the folder. and here it got interesting. i did a get request on the site. saw the details. then i checked the site. bingo! there are 3 folders named '2017', '2018', '2019'. i said to myself: 'i am god.'
i could literally see all the announcements they have made from 2017-2019. and they were organised by month!!! my curiosity to see everything got me to the final destination.
with this adrenaline i thought about another site. in my city i have the 3rd most acclaimed high school in the country. what about checking their security?
so i typed the web address. looked around. again, right click, inspect element and looked around the source code. this time i was more lucky. this site is handmade!!! i was soooo happy because with my school's site i was restricted with what they have made with wordpress and i don't have much experience with it.
amd so i began looking what request the site made for the logos and other links. it seemed all the other links on the site were with this format: www.site.com/index.php?home. and i was very confused and still am. is this referencing some part of the site in the index.php file? is the whole site written inside the index.php file and with the question mark you just get to a part of the site? i don't really get it.
so nothing interesting inside the networking tab, just some stylesheets for the site's design i guess. i switched to the debugger tab and holy moly!! yes, it had that tree structure. very familiar. just like a project inside codeblocks or something familiar with it. and then it clicked me. there was the index.php file! and there was another folder from which i've seen nothing from the network tab. i finally got a lead!! i returned in the network tab, did a request to see the spgm folder and boooom a site appeared and i saw some files and folders from 2016. there was a spgm.js file and a spgm.php file. there was a contrib, flavors, gal and lang folders. then it once again clicked me! the lang folder was las updated this year in february. so i checked the folder and there were some files named lang with the extension named after their language and these files were last updated in 2016 so i left them alone. but there was this little snitch, this little 650K file named after the name of the school's site with the extension '.php' aaaaand it was last modified this year!!!! i was so excited! i thought i found a secret and different design of the site or something completely else! i clicked it and at first i was scared there was this black/red theme going on my screen and something was a little odd. there were no school announcements or event, nononoooo. this was still a tree structured view. at the top of the site it's written '!c99Shell v. 1.0...'
this was a big nono. i saw i could acces all kinds of folders. then i switched to the normal school website and tried to access a folder i have seen named userfiles and got a 403 forbidden error. wopsie. i then switched to the c99 shell website and tried to access the userfiles folder and my boy showed all of its contents. it was nakeeed naked. like very naked. and in the userfiles folder there were all, but i mean ALL files and folders they have on the server. there were a file with the salary of each job available in the school. some announcements. there was a list with all the students which failed classes. there were folders for contests they held. it was an absolute mess and i couldn't believe it.
i stopped and looked at the monitor. what have i done? just to learn some web programming i just leaked the server of the 3rd most famous high school in my country. image a black hat which would have seriously caused more damage. currently i am writing an email to the school to updrage their security because it is reaaaaly bad.
and the journy didn't end here. i 'hacked' the site 2 days ago and just now i thought about writing an email to the school. after i found i could access the WHOLE server i searched for the real attacker so if you want to knkw how this one went let me know in the comments.
sorry for the long post, but couldn't held it anymore13 -
*News for the users here that deal with web hosting here*
Hey there anyone that vaguely remembers me, so have been busy with my network lately dont have much time to get back here, I dont know if someone has already reported this new, I found it while I was scooting for news to share on my site (shameless plug: https://legionfront.me/pages/news)
Its about our loved /s and highly used Wordpress and its lovely code /ss
https://thehackernews.com/2018/02/...
Short story short if, there is an exploit (of the many) to DDoS a network of worpress sites that has been present since almost literally forever, the code to fix it is in the articleundefined wordpress shilling ddos end my life immediately news security legion code quality legion frontier8 -
Someone mentioned that client want to use wordpress instead of they current website because it is cheaper! Ok lets see how cheap it is.. each time wp release update after updating you need go through all website and check if nothing is broken.. plugins will need update as well because usually they run on specific wp version. Fixing theme and plugins requires dev time.. despite all those things.. have common sense. Maybe it is good for some type of business to host few pages without any business logic or use as blog without scare to loose everything and do not store users data.. someone mentioned that it is secure to run anything because updates are the best security to avoid security breaches. So why banks are not running on WP? Why health service is not using WP?
-
Modifying .htaccess for WordPress multisite so that my custom url(slug) will redirect to wp-login for security reasons.
It is like performing a neuro surgery where the slightest of mistake will get u paralyzed.
I have already reached a vegetative state..
I wonder what more damage I could do? FML.3 -
TL:DR linux newbie, looking for advice/links (skip to bottom for questions)
!rant
After i had been looking for a job for quite some time, a couple of months ago i got hired by "smaller" company doing web stuff. So far it have been a great place, good colleagues, and overall just having a great time!.
They seem to value me alot, so that's great!.
Anyway, yesterday i got called into a meeting - and got told they wanted me to start learning "Server stuff (linux)". That got me quite excited, because it always was something i wanted to learn - but never really got around to doing.
But i never touched a linux installation before, so i'm really on ground zero - but im not afraid, i'm a quick learner and quite efficient at googling :)
I figured i would ask here, since other people here always seems to be happy to help other people out.
So far i have manage to setup a server, install various stuff (php, mysql and so on) and done setup a couple of domains/subdomains on my server. Also got a vestacpinstallation working - so overall im quite happy so far.
I figured maybe somebody had some good links/advice for a linux newbie :).
* Performance/Security, will obviously be a big focus - anything i should look at? - any must look at?
* Monitoring tools, how do i monitor various websites running on my server? Here i'm thinking bandwitch, cpu/ram usage and so on pr site basis.
* Any other stuff i should be looking at?
Little about what the server will/should be running :)
* Centos
* vestacp
* WordPress installations only (e-commerce mainly)
* PHP 7 / MySQL / phpmyadmin5 -
I have read people talk about how “Laravel makes PHP fun”. I don't get it. I really hate frameworks. Yeah they may simplify tasks. But the way I see it, you now have a damn framework that you're never going to bother to understand. You most likely won't read the underlying code, you'll rely on others to release security updates.
Hey yeah it has its benefits, like peer reviewed, and matured code.
But I guess it's just not for me.
SAME GOES FOR WORDPRESS. It does freaking make your life easy, and it's easy money, but I guess it would just annoy me to not be bothered with the underlying code.
Anyway, Imma head on to make my own framework....9 -
I want to start a little website, for my ideas and other stuff but I can't convince myself to use WordPress and I'm kind of lazy to code my website because I'm afraid of security problems... Do you have any advice to make a choice ?12
-
WordPress File Delete to Code Execution
The vulnerability was reported 7 months ago to the WordPress security team but still remains unpatched.
https://blog.ripstech.com/2018/...1 -
I've been programming for 15 years now or more if I count my years I programmed as a hobby. I'm mostly self learned. I'm working in an environment of a few developers and at least the same amount of other people (managers, sales, etc). We are creating Magento stores for middle sized businesses. The dev team is pretty good, I think.
But I'm struggling with management a lot. They are deciding on issues without asking us or even if I was asked about something and the answer was not what they expect, they ask the next developer below me. They do this all the way to Junior. A small example would be "lets create a testing site outside of deployment process on the server". Now if I do this, that site will never be updated and pose a security risk on the server for eternity because they would forget about it in a week. Adding it to our deployment process would take the same time and the testing site would benefit from security patches, quick deployment without logging in to the server, etc. Then the manager just disappears after hearing this from me. On slack, I get a question in 30 minutes from a remote developer about how to create an SSH user for a new site outside of deployment. I tell him the same. Then the junior gets called upstairs and ending up doing the job: no deployment, just plain SSH (SFTP) and manually creating the database. I end up doing it but He is "learning" how to do it.
An other example would be a day I was asked what is my opinion about Wordpress. We don't have any experience with Wordpress, I worked with Drupal before and when I look at a Wordpress codebase, I'm getting brain damage. They said Ok. The next day, comes the announcement that the boss decided to use Wordpress for our new agency website. For his own health and safety, I took the day off. At the end, the manager ended up hiring an indian developer who did a moderately fair job. No HiDPI sprites, no fancy SASS, just plain old CSS and a simple template. Lightyears worse than the site it was about to replace. But it did replace the old site, so now I have to look at it and identify myself part of the team. Best thing? We are now offering Wordpress development.
An other example is "lets do a quick order grid". This meant to be a table where the customer can enter SKU and quantity and they can theoretically order faster if they know the SKU already. It's a B2B solution. No one uses it. We have it for 2 sites now and in analytics, we have 5 page hits within 3 years on a site that's receiving 1000 users daily... Mostly our testing and the client looked at it. And no orders. I mean none, 0. I presented a well formatted study with screenshots from Analytics when I saw a proposal to a client to do this again. Guess what happened? Someone else from the team got the job to implement it. Happy client? No. They are questioning why no one is using it.
What would you do as a senior developer?
- Just serve notice and quit
- Try to talk to the boss (I don't see how it would work)
- Just don't give a shit1 -
Today I discovered that Betheme for Wordpress stores data base64 encoded in the database. Meaning you can't just do a search replace when you migrate a site to a different domain. That combined with Chrome based browsers not loading mixed security assets, but Firefox (the browser I use) does, makes for a confusing trouble ticket.
You have to change the setting to serialize sanely, then go into every post and save to update the stored data. Fortunately, the site is new so I only had one page to update, but I can't imagine the headache an established site would be to migrate.3 -
Gotta love when they give you site credentials to look at their wordpress dashboard but forget to give you the login page.
Am I supposed to spider their site and play a guessing game. Fml.
Wonder if there is a way to scan the login? Athough that would make hiding their login just security theater.5 -
Fully upgraded wordpress for my blog (just not interested writing my own ) with security patches and got hacked... all index files in first level directories replaced. Will find the time to make my own and migrate all posts because "wordpress is awesome"6
-
When you have a manager that gets the requirements for a super simple content page one month ago...
Then argues with some people about where it needs to go...
Then when it was decided two weeks ago that it needed to be a new publishing site insists on getting approval to deploy the new site even when I said hey I can have this guy set up publishing on our external server...
Gets approval anyway, now the deadline for it to be activated and working is tomorrow and because he is "a Wordpress developer" (by which he can install a theme) he thinks he knows how to fix Wordpress...
Because of the security at our company it needs to be over https and we are doing ssl offload from our publisher and Wordpress doesn't seem to like it or it is his jacked up Windows box running Wordpress? Wtf
Best of all he said "do you think we will meet the deadline". I said I don't think we have a choice, this will be used by a lot of people Saturday for a conference. OMG I was ready to scream...
Now today I need to setup a new cms on an external server and get it done by tomorrow morning, with content. FML -
how hard is it to set up a wordpress site? i hate to ask but am too busy just to try.
i always build everything from scratch, but my mother constantly asks for a new website providing wp-templates as examples. none of my past fancy features were used so i am a bit tired of putting in the effort. is it worth it or would i just create technical debt? what about security concerns, updates and upwards-compatibility with new php versions to come?3 -
9 Ways to Improve Your Website in 2020
Online customers are very picky these days. Plenty of quality sites and services tend to spoil them. Without leaving their homes, they can carefully probe your company and only then decide whether to deal with you or not. The first thing customers will look at is your website, so everything should be ideal there.
Not everyone succeeds in doing things perfectly well from the first try. For websites, this fact is particularly true. Besides, it is never too late to improve something and make it even better.
In this article, you will find the best recommendations on how to get a great website and win the hearts of online visitors.
Take care of security
It is unacceptable if customers who are looking for information or a product on your site find themselves infected with malware. Take measures to protect your site and visitors from new viruses, data breaches, and spam.
Take care of the SSL certificate. It should be monitored and updated if necessary.
Be sure to install all security updates for your CMS. A lot of sites get hacked through vulnerable plugins. Try to reduce their number and update regularly too.
Ride it quick
Webpage loading speed is what the visitor will notice right from the start. The war for milliseconds just begins. Speeding up a site is not so difficult. The first thing you can do is apply the old proven image compression. If that is not enough, work on caching or simplify your JavaScript and CSS code. Using CDN is another good advice.
Choose a quality hosting provider
In many respects, both the security and the speed of the website depend on your hosting provider. Do not get lost selecting the hosting provider. Other users share their experience with different providers on numerous discussion boards.
Content is king
Content is everything for the site. Content is blood, heart, brain, and soul of the website and it should be useful, interesting and concise. Selling texts are good, but do not chase only the number of clicks. An interesting article or useful instruction will increase customer loyalty, even if such content does not call to action.
Communication
Broadcasting should not be one-way. Make a convenient feedback form where your visitors do not have to fill out a million fields before sending a message. Do not forget about the phone, and what is even better, add online chat with a chatbot and\or live support reps.
Refrain from unpleasant surprises
Please mind, self-starting videos, especially with sound may irritate a lot of visitors and increase the bounce rate. The same is true about popups and sliders.
Next, do not be afraid of white space. Often site owners are literally obsessed with the desire to fill all the free space on the page with menus, banners and other stuff. Experiments with colors and fonts are rarely justified. Successful designs are usually brilliantly simple: white background + black text.
Mobile first
With such a dynamic pace of life, it is important to always keep up with trends, and the future belongs to mobile devices. We have already passed that line and mobile devices generate more traffic than desktop computers. This tendency will only increase, so adapt the layout and mind the mobile first and progressive advancement concepts.
Site navigation
Your visitors should be your priority. Use human-oriented terms and concepts to build navigation instead of search engine oriented phrases.
Do not let your visitors get stuck on your site. Always provide access to other pages, but be sure to mention which particular page will be opened so that the visitor understands exactly where and why he goes.
Technical audit
The site can be compared to a house - you always need to monitor the performance of all systems, and there is always a need to fix or improve something. Therefore, a technical audit of any project should be carried out regularly. It is always better if you are the first to notice the problem, and not your visitors or search engines.
As part of the audit, an analysis is carried out on such items as:
● Checking robots.txt / sitemap.xml files
● Checking duplicates and technical pages
● Checking the use of canonical URLs
● Monitoring 404 error page and redirects
There are many tools that help you monitor your website performance and run regular audits.
Conclusion
I hope these tips will help your site become even better. If you have questions or want to share useful lifehacks, feel free to comment below.
Resources:
https://networkworld.com/article/...
https://webopedia.com/TERM/C/...
https://searchenginewatch.com/2019/...
https://macsecurity.net/view/...