All Things WordPress Discussions

1679111230

Comments

  • vyasvyas OGRetired

    The post on WP security is well written and structured @bikegremlin ... I read it the second time and I liked it equally well....

    Thanked by (2)bikegremlin localhost
  • YmpkerYmpker OGContent Writer

    @bikegremlin said:

    @localhost said:

    @vyas said:

    @localhost said:
    any thoughts / comments on https://10web.io/ai-website-builder/ ?

    They currently have a 30% lifetime off promo. Not sure whether this is just hype or really works...

    thanks

    Quite a hype.Rebrabded Elementor (which they also mention on their site).

    If I want to create a simple website for myself, just list some likes hobbies and all, what would be your recommendation on a theme or platform to use?

    I chose WordPress and didn't regret it.
    With a decent quality theme, and not too many (needless?) plugins, it can run fast (enough) and be stable and secure.

    Stuff like Getsby and other "faster alternatives" ruin the sole purpose of using WordPress: the ease and simplicity of adding new, and editing old content.

    Over the past 5 years I've had people complain about various stuff on my websites, but speed was never one of them. Not because my websites are "super optimized", but because people don't really care (unless you're trying to sell them stuff they don't really need - for that every little trick helps), as long as a page loads in under 5 seconds.

    Kinda second that. If you have dynamic content or want to easily change content WP is great. Also, if you get smth like Divi theme lifetime license you can setup a page from hundreds of templates and dont worry about recurring subscriptions.

    Thanked by (1)bikegremlin
  • @Ympker said:

    @bikegremlin said:

    @localhost said:

    @vyas said:

    @localhost said:
    any thoughts / comments on https://10web.io/ai-website-builder/ ?

    They currently have a 30% lifetime off promo. Not sure whether this is just hype or really works...

    thanks

    Quite a hype.Rebrabded Elementor (which they also mention on their site).

    If I want to create a simple website for myself, just list some likes hobbies and all, what would be your recommendation on a theme or platform to use?

    I chose WordPress and didn't regret it.
    With a decent quality theme, and not too many (needless?) plugins, it can run fast (enough) and be stable and secure.

    Stuff like Getsby and other "faster alternatives" ruin the sole purpose of using WordPress: the ease and simplicity of adding new, and editing old content.

    Over the past 5 years I've had people complain about various stuff on my websites, but speed was never one of them. Not because my websites are "super optimized", but because people don't really care (unless you're trying to sell them stuff they don't really need - for that every little trick helps), as long as a page loads in under 5 seconds.

    Kinda second that. If you have dynamic content or want to easily change content WP is great. Also, if you get smth like Divi theme lifetime license you can setup a page from hundreds of templates and dont worry about recurring subscriptions.

    I... I vote for brizy.io if one is going for "page builders" with lifetime packages.
    Seriously considering going with that - but for projects. For my own websites, I prefer no-page builder solutions. For now at least.

    Thanked by (2)Ympker localhost

    Detailed info about providers whose services I've used:
    BikeGremlin web-hosting reviews

  • edited October 2020

    @localhost said:
    If I want to create a simple website for myself, just list some likes hobbies and all, what would be your recommendation on a theme or platform to use?

    Hobbies as in you your personal blog that you are not going to make money with it?
    How about the wordpress.com free tier then? I'd say it's the best for a personal blog!

    Pros
    Stable (maybe not Facebook/Google level lol, but they are not going away any time soon)
    Fast + great uptime
    Comments with great anti-spam (Akismet) included
    You get to use Wordpress (&its editor -> WYSIWYG FTW) (1)
    No worries about maintenance and what not - admin is Automattic's work, they deal with the upgrades/DDoS, you get to worry just about your content

    Cons
    Only a couple of gigs of space
    Only *.wordpress.com subdomain (pay a couple of bucks per month
    Cannot be a commercial site AFAIR (by that I mean e.g. using Google Ads)

    (1) I know this is the Wordpress thread, but the question mentioned platforms, and well, there are many platforms out there, including static website generators - but these are much more of a hassle than just getting an account on WP.com

    Thanked by (1)localhost

    Contribute your idling VPS/dedi (link), Android (link) or iOS (link) devices to medical research

  • @chimichurri said:

    @localhost said:
    If I want to create a simple website for myself, just list some likes hobbies and all, what would be your recommendation on a theme or platform to use?

    **Hobby **as in you are **not **going to make money with it? Then perhaps the wordpress.com free tier?

    Pros
    Great uptime
    Comments with great anti-spam included
    You get to use Wordpress!
    No worries about attackers and what not - admin is Automattic's work, you just worry about your content :)

    Cons
    Only a couple of gigs of space
    Only *.wordpress.com subdomain
    Cannot be a commercial site AFAIR (by that I mean e.g. using Google Ads)

    Yes. Just personal stuff, some posts here and there. Sorry if I am not clear. I needed some tips on what to use for the wp site in terms of themes or other builders.

    I do have a host for setting up my site ?

  • @bikegremlin said:

    @Ympker said:

    @bikegremlin said:

    @localhost said:

    @vyas said:

    @localhost said:
    any thoughts / comments on https://10web.io/ai-website-builder/ ?

    They currently have a 30% lifetime off promo. Not sure whether this is just hype or really works...

    thanks

    Quite a hype.Rebrabded Elementor (which they also mention on their site).

    If I want to create a simple website for myself, just list some likes hobbies and all, what would be your recommendation on a theme or platform to use?

    I chose WordPress and didn't regret it.
    With a decent quality theme, and not too many (needless?) plugins, it can run fast (enough) and be stable and secure.

    Stuff like Getsby and other "faster alternatives" ruin the sole purpose of using WordPress: the ease and simplicity of adding new, and editing old content.

    Over the past 5 years I've had people complain about various stuff on my websites, but speed was never one of them. Not because my websites are "super optimized", but because people don't really care (unless you're trying to sell them stuff they don't really need - for that every little trick helps), as long as a page loads in under 5 seconds.

    Kinda second that. If you have dynamic content or want to easily change content WP is great. Also, if you get smth like Divi theme lifetime license you can setup a page from hundreds of templates and dont worry about recurring subscriptions.

    I... I vote for brizy.io if one is going for "page builders" with lifetime packages.
    Seriously considering going with that - but for projects. For my own websites, I prefer no-page builder solutions. For now at least.

    I just checked out brizy.. looks interesting. Is the lifetime deal worth at $300? Thanks

  • @vyas said:

    @localhost said:

    @vyas said:

    @localhost said:
    any thoughts / comments on https://10web.io/ai-website-builder/ ?

    They currently have a 30% lifetime off promo. Not sure whether this is just hype or really works...

    thanks

    Quite a hype.Rebrabded Elementor (which they also mention on their site).

    If I want to create a simple website for myself, just list some likes hobbies and all, what would be your recommendation on a theme or platform to use?

    I think there are a few ways you can tackle this one...
    Till the time you build up some content/traffic/following, here's what I would suggest:

    Start with shared hosting @SmallWeb @webhorizon or even the 'free' plans by the providers here

    --> Recommended: feel free to bug @seriesn on this matter if you already aren't a 'family' member.

    I would even propose starting with a lightweight Content Management System like Htmly or Bludit where your focus will be creation not website configuration/management. You can even start at the 1/4 GB (250 MB) plan this way. Once you have about 8 or 10 posts, then look at WP. Minimum 1 GB plan for storage in shared hosting,
    For VPS: 512 MB Ram minimum with 10 GB disk space. KVM or OVZ or LXC, does not matter.
    I prefer Webinoly, you can look at wordops or litespeed based script. Or, Runcloud but then RAM should be 1 GB min. Sign up with a CDN.

    Below is a test site I created this morning for testing Blocksy theme (with Brizy :-1: ) runs on the $7 OVZ by VPSDime (thanks @serverian) + U20.04 (I know..) + WP on webinoly + cache+blocksy/Brizy + CDN.

    You can try a templae with blocksy+Gutenburg for better speeds.

    https://da.afeeds.tk

    Not optimized or CDN is not fully activated, so there will be slow slow speeds initially.
    Google page speed insights shows 53 on Mobile, 84 on desktop.

    Edit: Blocksy + Gutenburg gives 25 percent better results.

    @bikegremlin and @ympker might have more suggestions on the matter.

    Thanks so much for the detailed response. I have a host already. Thanks ?

  • edited October 2020

    @vyas said: I would even propose starting with a lightweight Content Management System like Htmly

    I thought that HTMLy had been abandoned, but I've just checked and was pleased to see that there was a new release in May of this year, after a period of more than four years without a new release. I hope that they will be able to regain some momentum, but I'm also afraid that they may have lost a lot of users to other frameworks during these past four years.

    Thanked by (1)Ympker

    "A single swap file or partition may be up to 128 MB in size. [...] [I]f you need 256 MB of swap, you can create two 128-MB swap partitions." (M. Welsh & L. Kaufman, Running Linux, 2e, 1996, p. 49)

  • vyasvyas OGRetired
    edited October 2020

    @angstrom said:

    @vyas said: I would even propose starting with a lightweight Content Management System like Htmly

    I thought that HTMLy had been abandoned, but I've just checked and was pleased to see that there was a new release in May of this year, after a period of more than four years without a new release. I hope that they will be able to regain some momentum, but I'm also afraid that they may have lost a lot of users to other frameworks during these past four years.

    Typesettecms too ... from
    Near abandonware to Beta.

    Another sweet cms

    Can anybody suggest a website load testing service like loader?

    I am now getting speeds of 90 on mobile on the test site (google pagespeed).
    Need to test how much the system can take

    Thanked by (1)angstrom
  • @vyas said:

    @angstrom said:

    @vyas said: I would even propose starting with a lightweight Content Management System like Htmly

    I thought that HTMLy had been abandoned, but I've just checked and was pleased to see that there was a new release in May of this year, after a period of more than four years without a new release. I hope that they will be able to regain some momentum, but I'm also afraid that they may have lost a lot of users to other frameworks during these past four years.

    Typesettecms too ... from
    Near abandonware to Beta.

    Another sweet cms

    Can anybody suggest a website load testing service like loader?

    I am now getting speeds of 90 on mobile on the test site (google pagespeed).
    Need to test how much the system can take

    Load testing?
    Octoperf works for free for up to 50 simultaneous visitors, browsing, with no caching.
    Can be configured for opening page after page, as soon as one page is loaded - on to the next.

    Since most people are likely to spend at least a second on a page (before leaving, or opening another page), I suppose this test is the equivalent of having a lot more "simultaneous" visitors (since not all of them will just keep opening pages while they are browsing the site).

    For more than 50 visitors - Octoperf asks for money.

    Thanked by (1)vyas

    Detailed info about providers whose services I've used:
    BikeGremlin web-hosting reviews

  • vyasvyas OGRetired
    edited October 2020

    Octoperf is pretty interesting. Pretty intuitive to set up and use (I hope)
    I capped the visits to 35 over 10 minute period, (Paris) second test with 48, DO location in my city.
    Need to read up further on what the charts tell us, but this one seems to be easy to follow.

    350

    Thanked by (2)Ympker vikram
  • vyasvyas OGRetired
    edited October 2020

    Till end of October 2020:
    Siteorigin pagebuilder for WP has a 30% discount> I had written about Siteorigin in the series on pagebuilders
    Prices:
    $ 29 for 1 site / $ 49 for 5.

    Link to order: https://siteorigin.com/downloads/premium/


    @localhost said:

    @bikegremlin said:

    @Ympker said:

    @bikegremlin said:

    @localhost said:

    @vyas said:

    @localhost said:
    any thoughts / comments on https://10web.io/ai-website-builder/ ?

    They currently have a 30% lifetime off promo. Not sure whether this is just hype or really works...

    thanks

    Quite a hype.Rebrabded Elementor (which they also mention on their site).

    If I want to create a simple website for myself, just list some likes hobbies and all, what would be your recommendation on a theme or platform to use?

    I chose WordPress and didn't regret it.
    With a decent quality theme, and not too many (needless?) plugins, it can run fast (enough) and be stable and secure.

    Stuff like Getsby and other "faster alternatives" ruin the sole purpose of using WordPress: the ease and simplicity of adding new, and editing old content.

    Over the past 5 years I've had people complain about various stuff on my websites, but speed was never one of them. Not because my websites are "super optimized", but because people don't really care (unless you're trying to sell them stuff they don't really need - for that every little trick helps), as long as a page loads in under 5 seconds.

    Kinda second that. If you have dynamic content or want to easily change content WP is great. Also, if you get smth like Divi theme lifetime license you can setup a page from hundreds of templates and dont worry about recurring subscriptions.

    I... I vote for brizy.io if one is going for "page builders" with lifetime packages.
    Seriously considering going with that - but for projects. For my own websites, I prefer no-page builder solutions. For now at least.

    I just checked out brizy.. looks interesting. Is the lifetime deal worth at $300? Thanks

    -->https://appsumo.com/brizy-design-kit/

    start here scale up once you see value.

    Thanked by (1)bikegremlin
  • @vyas said:
    Till end of October 2020:
    Siteorigin pagebuilder for WP has a 30% discount> I had written about Siteorigin in the series on pagebuilders
    Prices:
    $ 29 for 1 site / $ 49 for 5.

    Link to order: https://siteorigin.com/downloads/premium/


    @localhost said:

    @bikegremlin said:

    @Ympker said:

    @bikegremlin said:

    @localhost said:

    @vyas said:

    @localhost said:
    any thoughts / comments on https://10web.io/ai-website-builder/ ?

    They currently have a 30% lifetime off promo. Not sure whether this is just hype or really works...

    thanks

    Quite a hype.Rebrabded Elementor (which they also mention on their site).

    If I want to create a simple website for myself, just list some likes hobbies and all, what would be your recommendation on a theme or platform to use?

    I chose WordPress and didn't regret it.
    With a decent quality theme, and not too many (needless?) plugins, it can run fast (enough) and be stable and secure.

    Stuff like Getsby and other "faster alternatives" ruin the sole purpose of using WordPress: the ease and simplicity of adding new, and editing old content.

    Over the past 5 years I've had people complain about various stuff on my websites, but speed was never one of them. Not because my websites are "super optimized", but because people don't really care (unless you're trying to sell them stuff they don't really need - for that every little trick helps), as long as a page loads in under 5 seconds.

    Kinda second that. If you have dynamic content or want to easily change content WP is great. Also, if you get smth like Divi theme lifetime license you can setup a page from hundreds of templates and dont worry about recurring subscriptions.

    I... I vote for brizy.io if one is going for "page builders" with lifetime packages.
    Seriously considering going with that - but for projects. For my own websites, I prefer no-page builder solutions. For now at least.

    I just checked out brizy.. looks interesting. Is the lifetime deal worth at $300? Thanks

    -->https://appsumo.com/brizy-design-kit/

    start here scale up once you see value.

    Wow. Thank you. Just signed up for this one.

  • vyasvyas OGRetired
    edited October 2020

    I've been playing around with ClassicPress,
    a Wordpress fork.
    As per the ClassicPress team, "without the bloat".
    Long story short, from last weekend, I have tried installing it in every possible way they have mentioned in their docs (plugin, command line, etc..)

    Will write a detailed post over the coming weekend.- probably my last one for the year. But it's worth a look.

    Thanked by (3)Ympker bikegremlin Matt247
  • vyasvyas OGRetired

    @vyas said:
    I've been playing around with ClassicPress,
    a Wordpress fork.
    As per the ClassicPress team, "without the bloat".
    Long story short, from last weekend, I have tried installing it in every possible way they have mentioned in their docs (plugin, command line, etc..)

    Will write a detailed post over the coming weekend.- probably my last one for the year. But it's worth a look.

    I was planning to write a post on this topic, as I had mentioned earlier in the week. However, an eye infection prevents me from spending any time longer in front of a screen than absolutely necessary. Since I had mentioned about this post, here it is.

    OpenLitespeed + ClassicPress + Quic.cdn + Generatepress theme

    The above is a super lethal combination to make your website cruise at highway speeds.

    I have tested this combination on a variety of environments:

    • shared hosting (SmallWeb New York, Myw.pt)
    • DIY on a VPS (KVM- Virmach, Chicago) and I have had some great results.

    Here is a test site on Virmach $6 vps from BF last year. It uses a diff theme though.

    • I would also recommend setting up an account with quick CDN. For LS enterprise which most shared hosting offers you get 10 gigabytes of data transfer, a month, which for images is more than enough. So also for scripts.

    Next, we have classic press

    If you're planning to run a basic blog.

    Most of the themes work. Most of the bells and whistles work. I will add a list in a post later on What does not work. Specifically, themes and plugins.

    Generate press works beautifully. So also Hestia theme. Happy files, plugin does not. It will break your site.

    And finally, for CDN shift eight is another one which has worked quite well for me. Both quick and shift have multiple pops including in India.

    I have not done. Head to head comparison because other parameters were different. For example, network. And you can't really compare LS enterprise, with an open lite speed on an OVZ

    You can try Similar locations For example, two services in Singapore.

    In terms of page load tests I tried up to 50 visits at a time. Adequate for a Very small, lightweight website. If someone has an account with loader.io or similar service you can try for higher speeds.

    Google page speeds are around 80 for mobile and 90 plus for desktop without any tweaks. Not a bad base to start on.

    (I used otter speech to text to “write” this post, pardon the typos)

  • vyasvyas OGRetired
    edited October 2020

    Update: The combinations I have tried so far:

    a. OVZ (VPS Dime)--> Webinoly --> WordPress -->Converted to ClassisPresss + Shift
    b. KVM (Virmach NY--> OpenLiteSpeed --> WordPress --> Converted to ClassicPress + QuikCDN (excluded since it was higer than the price threshold)
    c. Shared (Smallweb SG, 1 GB Plan) --> WordPress + Quik

    screenshot of admin dashboard of ClassicPress. Image by A VYas
    I have tried many other CDNs including BunnyCDN of course, and Aravna cloud (not too happy with them). My goal was to set up a fully functional WP blog in under $ 7 a year, using the handy available tools. Start frugal, move to paid as website gathers traffic.
    I had used fast.io for inline images- since they are closing shop for free tier in a couple of months, I decided not to include.

  • ClassicPress?
    I find Gutenberg very practical. It has improved backend performance by a huge amount since its launch.
    My logic being: I am using a CMS (not making a static HTML website), and if there is an upside to it, it is the ease of content adding and editing.
    Gutenberg now enables easy placement of anchor links, without editing HTML - doing it from the regular text editor.
    It enables rearrangement of blocks with easy clicks (a lot more convenient than copy/pasting blocks of text).

    I'm not a fan of "upgrades/updates" at all costs, but Gutenberg has a lot more pros than cons, at least in my experience. It is a change for the better.

    Not sold on ClassicPress.

    Thanked by (1)Ympker

    Detailed info about providers whose services I've used:
    BikeGremlin web-hosting reviews

  • vyasvyas OGRetired
    edited October 2020

    @bikegremlin said:
    ClassicPress?
    I find Gutenberg very practical. It has improved backend performance by a huge amount since its launch.
    My logic being: I am using a CMS (not making a static HTML website), and if there is an upside to it, it is the ease of content adding and editing.
    Gutenberg now enables easy placement of anchor links, without editing HTML - doing it from the regular text editor.
    It enables rearrangement of blocks with easy clicks (a lot more convenient than copy/pasting blocks of text).

    I'm not a fan of "upgrades/updates" at all costs, but Gutenberg has a lot more pros than cons, at least in my experience. It is a change for the better.

    Not sold on ClassicPress.

    Indeed- Gutenburg is the way forward, but there are applications where non-Gutenburg WP has its uses.
    There has been a talk that Gutenburg will soon be mature enough to make Pagebuilders like Elementor or Beaver Builder redundant completely.

    I see a parallel in Drupal World: Blackcat CMS based on Drupal 7.

    Thanked by (1)Ympker
  • YmpkerYmpker OGContent Writer

    @vyas said:

    @bikegremlin said:
    ClassicPress?
    I find Gutenberg very practical. It has improved backend performance by a huge amount since its launch.
    My logic being: I am using a CMS (not making a static HTML website), and if there is an upside to it, it is the ease of content adding and editing.
    Gutenberg now enables easy placement of anchor links, without editing HTML - doing it from the regular text editor.
    It enables rearrangement of blocks with easy clicks (a lot more convenient than copy/pasting blocks of text).

    I'm not a fan of "upgrades/updates" at all costs, but Gutenberg has a lot more pros than cons, at least in my experience. It is a change for the better.

    Not sold on ClassicPress.

    Indeed- Gutenburg is the way forward, but there are applications where non-Gutenburg WP has its uses.
    There has been a talk that Gutenburg will soon be mature enough to make Pagebuilders like Elementor or Beaver Builder redundant completely.

    I see a parallel in Drupal World: Blackcat CMS based on Drupal 7.

    Looking at the likes of Qubely and Redux.io, I believe that may very well be the case in the future. While Divi, for example, also integrates as a "custom block" in Gutenberg, the likes if Qubely/Redux etc are entirely set out to work right of the bat with Gutenberg and thus many "gutenberg builders" (Don't forget there's many good already like Ultimate Addons etc) can be combined. A big premade layout library, obviously, is still highly appreciated, so Qubely and most others fall flat compared to Divi and Elementor, but over time.. No one can tell.

    Where I still see a bright future for Divi is its' theme. Premium themes with lifetime updates are the way to go. Most free themes have some essential features locked.

  • I'd guess there will be a place for page builders - for the more exotic design features.

    I also see a future for themes - since they could be selling a pre-set configuration, for good looks and functionality.
    Just like many people don't know how to code, many also don't really know how to make a good visual (and functional) design.

    WordPress is a money making machine, and if they make it impossible for the people involved to make money from it, they'd be shooting themselves in the foot.

    For as long as I have been into it (6 years now), themes and plugins have been like: you can use them for free, but if you start making money, need more options, you need to either do some coding, or pay for the theme/plugin pro version. Not forcing you, but you come to the point when that is clear. Especially for multi-lingual websites (entire non-native English speaking world) and web-shops (money making).

    Lifetimes are not sustainable in the long run. If they are limited, or exceptional promotions (for fund raising, instead of loans from a bank), then it can work.

    Thanked by (1)Ympker

    Detailed info about providers whose services I've used:
    BikeGremlin web-hosting reviews

  • vyasvyas OGRetired
    edited October 2020

    p.s: The detault theme for WordPress Twenty Twenty One:
    https://make.wordpress.org/core/2020/09/23/introducing-twenty-twenty-one/

    Thanked by (1)Ympker
  • YmpkerYmpker OGContent Writer

    @vyas said:
    p.s: The detault theme for WordPress Twenty Twenty One:
    https://make.wordpress.org/core/2020/09/23/introducing-twenty-twenty-one/

    It doesn't look bad, but tbh I never liked the default themes much :/

  • YmpkerYmpker OGContent Writer
    edited October 2020

    @Ympker said:

    @LeonDynamic said:

    @Ympker said:
    I also found smth like https://wordpress.org/plugins/attachment-pages-redirect/#description but, obviously, if the plugin stops being updated... I could also setup redirects in htaccess or similar but oh boy..

    You can do this automatically within WordPress using the functions file without the need for a plugin. I suspect this is what the plugin is doing anyway.

    I think the Yoast SEO plugin, if you use it, has an option for this as well.

    There was a tutorial for Yoast to do this but they moved it to the pro version, I believe.

    I found this code, although when updating the theme while not using a child theme it could become a problem.

    function myprefix_redirect_attachment_page() {
      if ( is_attachment() ) {
          global $post;
          if ( $post && $post->post_parent ) {
              wp_redirect( esc_url( get_permalink( $post->post_parent ) ), 301 );
              exit;
          } else {
              wp_redirect( esc_url( home_url( '/' ) ), 301 );
              exit;
          }
      }
    }
    add_action( 'template_redirect', 'myprefix_redirect_attachment_page' );
    

    So, remember about the automatic creation of Media Attachment Pages? Because I don't use child theme, I took the code I found, put it in a WordPress plugin boiler plate and created my own "plugin" to make that redirect happen. Now, site count shouldn't be that high anymore :)

    Thanked by (1)bikegremlin
  • yokowasisyokowasis Services Provider
    edited October 2020

    What's the common entry point for wordpress hack ? is it compromised administrator user ?

    I see wordcamp user on most of my clients websites. I still don't know how they get in. I am pretty sure it's not ssh. Because I am using docker and ssh keys.

    as of right now, i am doing regular scan, and preventing new account to be created. But I still have no idea how they get in the first place.


    While we are at it, sometimes my customer asked me, if I can create some kind of admin panel (something like adminlte, and such). Well, it's easy for Wordpress, but it looks outdated for an admin panel. I still haven't figured out on how to make wp-admin, as beautiful as current-gen admin panel (adminlite, coreui, etc).

  • @yokowasis said:
    What's the common entry point for wordpress hack ? is it compromised administrator user ?

    I see wordcamp user on most of my clients websites. I still don't know how they get in. I am pretty sure it's not ssh. Because I am using docker and ssh keys.

    as of right now, i am doing regular scan, and preventing new account to be created. But I still have no idea how they get in the first place.


    While we are at it, sometimes my customer asked me, if I can create some kind of admin panel (something like adminlte, and such). Well, it's easy for Wordpress, but it looks outdated for an admin panel. I still haven't figured out on how to make wp-admin, as beautiful as current-gen admin panel (adminlite, coreui, etc).

    As far as I know, sorted from the most, to the less common:

    1) Theme/plugin problem (security issue). Either for not updating, or for using poorly written ones.

    2) Poor user security habits/awareness. Clicking on an email and giving data away, or using admin/admin123 username/password combos.

    3) Hosting provider problem, poor server security.

    Thanked by (1)Ympker

    Detailed info about providers whose services I've used:
    BikeGremlin web-hosting reviews

  • yokowasisyokowasis Services Provider

    @bikegremlin said:

    @yokowasis said:
    What's the common entry point for wordpress hack ? is it compromised administrator user ?

    I see wordcamp user on most of my clients websites. I still don't know how they get in. I am pretty sure it's not ssh. Because I am using docker and ssh keys.

    as of right now, i am doing regular scan, and preventing new account to be created. But I still have no idea how they get in the first place.


    While we are at it, sometimes my customer asked me, if I can create some kind of admin panel (something like adminlte, and such). Well, it's easy for Wordpress, but it looks outdated for an admin panel. I still haven't figured out on how to make wp-admin, as beautiful as current-gen admin panel (adminlite, coreui, etc).

    As far as I know, sorted from the most, to the less common:

    1) Theme/plugin problem (security issue). Either for not updating, or for using poorly written ones.

    2) Poor user security habits/awareness. Clicking on an email and giving data away, or using admin/admin123 username/password combos.

    3) Hosting provider problem, poor server security.

    Can you give example of case Number 3 ?

  • @yokowasis said:

    @bikegremlin said:

    @yokowasis said:
    What's the common entry point for wordpress hack ? is it compromised administrator user ?

    I see wordcamp user on most of my clients websites. I still don't know how they get in. I am pretty sure it's not ssh. Because I am using docker and ssh keys.

    as of right now, i am doing regular scan, and preventing new account to be created. But I still have no idea how they get in the first place.


    While we are at it, sometimes my customer asked me, if I can create some kind of admin panel (something like adminlte, and such). Well, it's easy for Wordpress, but it looks outdated for an admin panel. I still haven't figured out on how to make wp-admin, as beautiful as current-gen admin panel (adminlite, coreui, etc).

    As far as I know, sorted from the most, to the less common:

    1) Theme/plugin problem (security issue). Either for not updating, or for using poorly written ones.

    2) Poor user security habits/awareness. Clicking on an email and giving data away, or using admin/admin123 username/password combos.

    3) Hosting provider problem, poor server security.

    Can you give example of case Number 3 ?

    EIG, and some local providers come to mind.
    First thing that pops to mind is a http only hosting provider control panel (backend) - didn't work using https.

    Detailed info about providers whose services I've used:
    BikeGremlin web-hosting reviews

  • yokowasisyokowasis Services Provider

    @bikegremlin said:

    @yokowasis said:

    @bikegremlin said:

    @yokowasis said:
    What's the common entry point for wordpress hack ? is it compromised administrator user ?

    I see wordcamp user on most of my clients websites. I still don't know how they get in. I am pretty sure it's not ssh. Because I am using docker and ssh keys.

    as of right now, i am doing regular scan, and preventing new account to be created. But I still have no idea how they get in the first place.


    While we are at it, sometimes my customer asked me, if I can create some kind of admin panel (something like adminlte, and such). Well, it's easy for Wordpress, but it looks outdated for an admin panel. I still haven't figured out on how to make wp-admin, as beautiful as current-gen admin panel (adminlite, coreui, etc).

    As far as I know, sorted from the most, to the less common:

    1) Theme/plugin problem (security issue). Either for not updating, or for using poorly written ones.

    2) Poor user security habits/awareness. Clicking on an email and giving data away, or using admin/admin123 username/password combos.

    3) Hosting provider problem, poor server security.

    Can you give example of case Number 3 ?

    EIG, and some local providers come to mind.
    First thing that pops to mind is a http only hosting provider control panel (backend) - didn't work using https.

    is HTTPS really increase the security though ? After all, it's just preventing prying eyes. HTTPS doesn't really preventing someone from hacking your web.

  • @yokowasis said:

    @bikegremlin said:

    @yokowasis said:

    @bikegremlin said:

    @yokowasis said:
    What's the common entry point for wordpress hack ? is it compromised administrator user ?

    I see wordcamp user on most of my clients websites. I still don't know how they get in. I am pretty sure it's not ssh. Because I am using docker and ssh keys.

    as of right now, i am doing regular scan, and preventing new account to be created. But I still have no idea how they get in the first place.


    While we are at it, sometimes my customer asked me, if I can create some kind of admin panel (something like adminlte, and such). Well, it's easy for Wordpress, but it looks outdated for an admin panel. I still haven't figured out on how to make wp-admin, as beautiful as current-gen admin panel (adminlite, coreui, etc).

    As far as I know, sorted from the most, to the less common:

    1) Theme/plugin problem (security issue). Either for not updating, or for using poorly written ones.

    2) Poor user security habits/awareness. Clicking on an email and giving data away, or using admin/admin123 username/password combos.

    3) Hosting provider problem, poor server security.

    Can you give example of case Number 3 ?

    EIG, and some local providers come to mind.
    First thing that pops to mind is a http only hosting provider control panel (backend) - didn't work using https.

    is HTTPS really increase the security though ? After all, it's just preventing prying eyes. HTTPS doesn't really preventing someone from hacking your web.

    It's a very basic, elementary example - allowing a relatively easy interception of your control panel login credentials does open the doors to do a lot of fun stuff.
    Lock doesn't really prevent everyone from stealing my bicycle, but it doesn't make sense to leave it completely unlocked, does it?

    Detailed info about providers whose services I've used:
    BikeGremlin web-hosting reviews

  • yokowasisyokowasis Services Provider
    edited October 2020

    @bikegremlin said:

    @yokowasis said:
    What's the common entry point for wordpress hack ? is it compromised administrator user ?

    I see wordcamp user on most of my clients websites. I still don't know how they get in. I am pretty sure it's not ssh. Because I am using docker and ssh keys.

    as of right now, i am doing regular scan, and preventing new account to be created. But I still have no idea how they get in the first place.


    While we are at it, sometimes my customer asked me, if I can create some kind of admin panel (something like adminlte, and such). Well, it's easy for Wordpress, but it looks outdated for an admin panel. I still haven't figured out on how to make wp-admin, as beautiful as current-gen admin panel (adminlite, coreui, etc).

    As far as I know, sorted from the most, to the less common:

    1) Theme/plugin problem (security issue). Either for not updating, or for using poorly written ones.

    2) Poor user security habits/awareness. Clicking on an email and giving data away, or using admin/admin123 username/password combos.

    3) Hosting provider problem, poor server security.

    Back to this example.

    1. I make sure all of the websites only installing well known plugin / themes from wordpress.org and keep it updated.
    2. It's a strong password. Is it possible the bot, bruteforcing, using past breached username / password ?
    3. If, it's regarding https, I am sure almos nobody use plain http anymore these days.

    If it's not 3, i think it's number 2. I mean even if the password is complex, doesn't really matter if it's on some hacker's username / password database. Is there any such a case happened in the past ?

Sign In or Register to comment.