Hello Shane,
On 7/21/15 10:13 AM, Vy-Shane Sin Fat wrote:
> The poor track record of Wordpress security is a recurring topic in this
> mailing list, with some members going out of their way to look for
> alternative blog engines [1]. We also often see reports of Mauritian
> websites being compromised.
>
I'd say Mauritian websites get compromised due to the way they are (not)
maintained. It could be WordPress, Drupal, Joomla or any other CMS.
> Here's an alternative solution what should be very resilient:
>
> 1) Use a static site generator like Jekyll [2]
> 2) Deploy the site as a read-only Docker container
>
I doubt that people who were not serious about updating their CMS,
plugins, themes, would seriously think about setting up something on
Jekyll. I have nearly 500 posts (with images & plugins for specific
tasks etc) and migrating to Jekyll isn't a solution for me. I'd say
Jekyll could suit someone who is just starting his/her site.
Today it's Jekyll, tomorrow we might have another talk-of-the-town which
could be faster-lighter-more-secured and well maintained. For someone
who has an existing website with tons of content I would not advise
migrating but rather be security-conscious and take into consideration
all aspects of hosting.
Somebody could think of Jekyll to be "un-breakable" and leave folders
world-writable. What if tomorrow a vulnerability is discovered in the
webserver software itself? Therefore rather than saying this is more
secure than that I'd say choose *one* and plan your project well.
Even when talking about Microsoft Sharepoint I usually mention
"sharepoint is a robust product but with meticulous config"... and
configuration is where admins mostly leave security holes.
Regards,
--
​Ish Sookun
- Geek by birth, Linux by choice.
- I blog at HACKLOG.in.
https://twitter.com/IshSookun ^^ Do you tweet?
Received on Tue Jul 21 2015 - 16:13:11 PST