New Blogging Software
As many of our customers and visitors noticed (and were kind enough to let us know about), we had a lot of problems with our blog being redirected and modified through WordPress exploits in various versions of the software. Upgrading didn't seem to help and the exploits would occasionally render WordPress unusable or substantially modify its behavior. As this appears to be a common occurrence with WordPress, we decided to replace it with b2evolution to see if things run any smoother. Please let us know if you identify any problems with the new software. If we continue to have issues, we'll look into other alternatives.
3 comments
Comment from: JLeuze [Visitor] · http://www.jleuze.com
That's too bad, WordPress has always been really good for me, no hacks or exploits. (knock on wood...) But maybe Steadfast is a victim of their own success :)
In my experience from spending time in the WordPress forums, security issues generally have a pretty small window of opportunity, as new versions come out so often. I haven't heard about any 2.5/2.6 installs of WordPress being exploited yet anyways.
I would encourage anyone else on WordPress, before giving up on it, to make sure they are running the latest version, beef up your spam protection with the appropriate plugins, and look into hardening your install:
http://codex.wordpress.org/Hardening_WordPress
2008-08-13 @ 09:00
Comment from: Nick [Visitor]
This is BS
If you stay up to date with the latest editions of WP you won't get 'exploited'
The New York Times has used WordPress for all of their blogs for quite some time and has not had any problems. And I can assure you, the NY Times is a MUCH bigger target than Steadfast.
There is nothing wrong with WP, and people shouldn't think that there is.
2008-08-13 @ 10:46
We had to update at some points more than once per month and it didn't seem to help. It's possible the system was exploited early on and the exploit was well enough hidden that it left a hole in the installation we couldn't find, though I checked all the user privileges and reset passwords several times. I always replaced the entire installation, so it wasn't a file-based issue. Starting fresh was a good way to escape and I honestly like b2evolution's interface better.
We kept our spam filtering active and correctly configured--we never had any spam--but the problem was that people were finding creative ways to edit our posts and hide HTML in them we couldn't see without checking the posts manually.
If you have to upgrade your software as regularly as WordPress required to keep it secure, it's a bad thing. Security by obscurity, while it shouldn't be a primary method of security, still works. b2evolution is less commonly used and far less likely to be a target of automated attacks. b2evolution last reported a security alert in December 2006; WordPress has several times since then.
Also, the NY Times may use WordPress, but I doubt they use it in an unmodified form, just as hosted WordPress at wordpress.com is surely not the exact same set of code. So you're probably looking at a very different administrative model which helps prevent the "automated attack" vectors from being easily exploitable.
I am not saying WordPress is horrible software fundamentally, but we haven't found we can trust it, so we're switching.
2008-08-13 @ 13:36