637 posts
  • Has been part of the Envato Community for over 5 years
  • Has sold $100+ on Envato Market
  • Has collected 10+ items on Envato Market
  • Sells items exclusively on Envato Market
Thecodingdude
says

I’ve never understood why people use wordpress when it’s just an accident waiting to happen.

I understand why wordpress IS a good platform, but it’s one of the poorest platforms when it comes to security; in other words there is none.

Have you ever given anyone access to your wordpress admin? Did you know that they can install a plugin to download your database without needing a password. You can also download your FTP files without a password. If you use the same password elsewhere in your wordpress config they can access that.

If you give someone access to FTP and you have a wordpress install, running an include(”../wp-config.php”) would be all it took to get your password.

So why do you use wordpress and how do you protect your wordpress from attacks like these? Do you only install plugins from people you trust?

2468 posts
  • Has been part of the Envato Community for over 6 years
  • Has sold $100+ on Envato Market
  • Has referred 100+ members
  • Has been a beta tester for an Envato feature
+3 more
digitalimpact
says

Well, I use it because it’s awesome, simple and has a huge community.

I’ve also found a way of dealing with all the above: I never hand out my passwords. Simple. Powerful.

P.S.: it’s WordPress.

3724 posts Community Moderator
  • Has referred more than 5000 members
  • Has sold $40,000+ on Envato Market
  • Had an item featured in an Envato Bundle
  • Has collected 100+ items on Envato Market
+9 more
quickandeasy
says

@ArranMcguire got me using random password gens for wp-config + if you’re giving someone your FTP details… they need to be trustworthy anyway.

and when it comes to security etc, free updates from Wordpress deal with those, right?

+ a massively active community

+ easy to install and a wealth of themes and plugins to make it do pretty much whatever you want it to do

I love wordpress.

812 posts
  • Has been part of the Envato Community for over 5 years
  • Has collected 10+ items on Envato Market
  • Achieved the monthly Community Superstar Award
  • Sells items exclusively on Envato Market
iamthwee
says

Giving anyone access to wordpress admin is a bad idea obviously. And if you have the ftp details then obviously you have root access anyway.

In regards to passwords they aren’t stored anywhere in the database as plain text. They are encrypted with a one time hash.

All that being said, WP is pretty secure. Unfortunately, if you use a plugin this is probably where vulnerabilities are best exploited. That’s about the only weak link IMO .

1422 posts
  • Contributed a blog post
  • Has been part of the Envato Community for over 5 years
  • Has been a beta tester for an Envato feature
  • Has referred 10+ members
+7 more
Stylius
says

Why on Earth would I give my passwords to someone else? If you give your password to another person, then don’t “moan” about WordPress’ security, it is you.

637 posts
  • Has been part of the Envato Community for over 5 years
  • Has sold $100+ on Envato Market
  • Has collected 10+ items on Envato Market
  • Sells items exclusively on Envato Market
Thecodingdude
says

What I meant with FTP was in cPanel, you can create FTP accounts that point to a certain directory, so user “abcd” can only access directory “abcd”. This in itself is secure but they can still eventually work their way to get hold of your FTP files :P

275 posts
  • Has referred 1+ members
  • Has sold $10,000+ on Envato Market
  • Located in Romania
  • Has collected 1+ items on Envato Market
+3 more
DanThemes
says

Why on Earth would I give my passwords to someone else? If you give your password to another person, then don’t “moan” about WordPress’ security, it is you.

+1 Well said.

637 posts
  • Has been part of the Envato Community for over 5 years
  • Has sold $100+ on Envato Market
  • Has collected 10+ items on Envato Market
  • Sells items exclusively on Envato Market
Thecodingdude
says


Why on Earth would I give my passwords to someone else? If you give your password to another person, then don’t “moan” about WordPress’ security, it is you.
+1 Well said.

You can create multiple admin accounts in wordpress ;)

356 posts
  • Has referred 10+ members
  • Has sold $10,000+ on Envato Market
  • Has been a beta tester for an Envato feature
  • Has collected 50+ items on Envato Market
+4 more
cosmincotor
says

Don’t allow people you don’t trust to access the admin panel or your FTP , actually don’t give them access to anything if you’re not 100% sure they can be trusted :)

1665 posts Chris Robinson
  • Elite Author: Sold more than $75,000 on Envato Market
  • Has sold $500,000+ on Envato Market
  • Has been part of the Envato Community for over 6 years
  • Located in United States
+13 more
contempoinc
says

Don’t allow people you don’t trust to access the admin panel or your FTP , actually don’t give them access to anything if you’re not 100% sure they can be trusted :)

Exactly.

by
by
by
by
by
by