Abandoning WordPress–Or Not

A while back I wrote here about my intent to cease using WordPress and replace it with a static site generated with other tools. Since then, to state the self-evident, I’ve changed my mind and am sticking with WordPress for the foreseeable future.

I changed my mind a while ago when I was looking at my server logs and realized that WordPress wasn’t really the problem. WordPress seems to be pretty secure, and the anti-spam plug-ins I have in place do a good job of keeping spammers from posting. (The main plug-in tells me that it has blocked over 8,500 spam attempts since I installed WordPress, which gives you some idea of what a site like this is up against.)

The problem was Gallery, the photo-gallery software, and in particular WPG2, a plug-in which provides integration between WordPress and Gallery. My Gallery installation gets hit with automated spamming attempts as much as several hundred times a day. Based on the last successful hack on this site, I have reason to believe that WPG2 had a weakness which allowed outside access. So, obviously, I’ve removed WPG2 altogether. (I’ve also fixed the Photo Gallery link in the right column. I apologize if you’ve tried to use it previously and found that it was broken. It should work now.) The photo gallery now bears no resemblance to the rest of the site, but I’m just going to live with that. I might eventually drop Gallery altogether and start using Flickr.
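The log review described above, which showed that the automated POSTs were landing on Gallery rather than on WordPress, can be reproduced with a small tally over the access log. This is an added example, not code from the post; the log lines are constructed in Apache combined format, and the assumption that Gallery lives under `/gallery/` while WordPress owns the site root is mine.

```python
import re
from collections import Counter

# Apache combined log format, enough of it to pull out day, method, path and status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (not real traffic): three Gallery POSTs and one
# WordPress comment POST on the first day, one Gallery POST on the second.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2009:02:14:07 +0000] "POST /gallery/main.php HTTP/1.1" 200 512 "-" "Mozilla/4.0"
203.0.113.5 - - [10/Mar/2009:02:14:09 +0000] "POST /gallery/main.php HTTP/1.1" 200 512 "-" "Mozilla/4.0"
198.51.100.7 - - [10/Mar/2009:03:01:44 +0000] "GET /index.php HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2009:03:01:50 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2009:23:59:58 +0000] "POST /gallery/main.php HTTP/1.1" 200 512 "-" "Mozilla/4.0"
203.0.113.9 - - [11/Mar/2009:00:00:01 +0000] "POST /gallery/main.php HTTP/1.1" 200 512 "-" "Mozilla/4.0"
"""


def classify(path: str) -> str:
    """Map a request path to the application serving it (assumed site layout)."""
    if path.startswith("/gallery/"):
        return "gallery"
    if path.startswith("/wp-") or path == "/index.php" or path.startswith("/?"):
        return "wordpress"
    return "other"


def post_counts_per_day(lines):
    """Count POST requests per (day, application).

    Automated comment spam shows up as a stream of POSTs, so tallying only
    POSTs separates the spam pressure from ordinary page views."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group("method") != "POST":
            continue
        counts[(m.group("day"), classify(m.group("path")))] += 1
    return counts


def noisy_apps(counts, threshold):
    """Return the (day, application) pairs whose POST volume reaches threshold."""
    return sorted(key for key, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    tally = post_counts_per_day(SAMPLE_LOG.splitlines())
    for (day, app), n in sorted(tally.items()):
        print(f"{day} {app:<10} {n:>4} POSTs")
    print("over threshold:", noisy_apps(tally, 3))
```

On a real log the threshold would be set from a quiet day's baseline, and the `classify` prefixes adjusted to the actual install paths.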

I think that WordPress itself is pretty secure. It’s a popular tool and many blogs with a higher profile than this one are built with it. I’ve now decided, though, that I’ll just not use any third-party plug-ins, since they may create security weaknesses. I’m sure that many–most, even–don’t, but it seems simpler to just avoid them altogether.

By adam

Go ahead, try to summarize yourself in a sentence or two.

3 comments

  1. WordPress obviously will have some security issues every now and then, but they tend to get fixed quite fast.

    You’re right about the plug-ins. Anybody can write them and using them might create vulnerabilities in your system. Many plug-ins are written by amateur developers who don’t update/fix their code, or are slow to do so.

    I usually glance over the code and check forums for issues before activating a plug-in. (Backing up your db and code every now and then isn’t a bad idea either).

  2. Thanks for the confirmation regarding plug-ins. I thought maybe I was just being paranoid.

    Incidentally, your comment got held for moderation because Akismet thought that it might be spam. I have no idea why, but mysterious are the ways of Akismet. Clearly I need to get into the habit of checking its buffer regularly.
