undefined | Better HN

0 pointsquanticle10y ago0 comments

>However, I don't agree with the apparently widespread conclusion that it follows, from this sentiment, that not publishing is better than publishing using a less-than-lovely platform.

After having had to deal with the aftermath of a hacked Wordpress site that was sending out massive amounts of spam, I would respectfully disagree. I consider Wordpress (and Wordpress plugins, especially) as essentially a security hole that allows malicious actors to gain free access to relatively powerful hardware on fat datacenter pipes, making the Internet worse for everyone around them.

By all means, publish. But don't publish using a platform that allows unauthorized users to misuse your hardware and turn it into a spam zombie/DDOS box/staging box for hacks, etc.

0 comments

TheOtherHobbes10y ago

I see

"GET /wp-login.php HTTP/1.1"

about eight times a day on my lowest traffic sites. And I don't even have WP installed. (Or PHP.)

WP is a distributed botnet farm. I know people who have given up reseller hosting businesses because keeping customer WP installs clean was becoming a 24/7 job for them.

Unfortunately Hugo, Jekyll, etc are a poor substitute for WP, because they're much too difficult for non-coders to use. They're also a poor substitute economically - the WP template & plug-in market is huge.

It must surely be possible to build a blog engine that's secure, easy to use, and easy to customise?

j / k navigate · click thread line to collapse