On 08/10/11 04:24, Glenn English wrote:
> One of my users wants to put up a blog using WordPress. I notice
> there's a package for WordPress in aptitude, but it's in php.

WordPress uses php - regardless of where you get it from.

> I don't do php on my web server because I was told of huge security
> problems in it

Web servers have huge security problems. The internet has huge security
You've been given poor advice. Make sure you keep WordPress up-to-date.

> -- and until I turned off the php interpreter in
> Apache, I got many break in attempts involving phpAdmin and such.

Which is why you don't run the login page as default.
Over-simplification == dumbing-down - with a logical conclusion ;-p
It's like arguing that obscurity is inferior to open in regards to
security. It's fallacious logic. It's *not* an either/or situation - a
mixture of both is superior to either.
WordPress is a CMS - almost all CMSs use php (and MySQL). All software
has insecurities - not using software is *not* the solution.
Consider *not* advertising the version or type of software you're using,
don't use www.site.tld/admin as the login page, don't use "admin" as the
administrator name, don't forget to check your file permissions, do keep
your software up-to-date, do keep multiple backups *and* use md5 sums.

> Do any of you know of a similar package in, say, Perl or Python? Or
> can anyone convince me that php is safe?

Those are not answerable questions (the latter is an "are you still
beating your wife?" type question!).
Consider carefully what you want to do, and choose the appropriate
software for it.
EG. if you want to run a blog then WordPress is a fine choice
(provisionally), if you want to run a worm farm then Joomla is an
excellent choice (and you'll have lots of company). If you don't want to
spend the time becoming an expert in Apache etc - use hosting.
WordPress is ideal for people with limited time who want a blog (content
changes regularly). It can be "converted" into a website CMS - and a
Ferrari can be converted into a manure spreader (but it's less than ideal).
I hope that somewhat answers your questions. If not perhaps consider
rephrasing them and telling us what you want WordPress for, and in what
circumstances you wish to run it - and we'll suggest Debian solutions
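
The file-permission and checksum advice in the reply above, as an added example that is not part of the original message: a POSIX shell script that records a checksum manifest for a web root, reports files changed since that baseline, and lists world-writable paths. It uses sha256sum rather than the md5 sums the message mentions; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: integrity manifest and permission audit for a web root.
# Function names and the sample tree are constructed for illustration.

# Write a path-sorted SHA-256 manifest of all regular files under $1 to $2.
# Keep the manifest outside the tree, ideally alongside the backups.
make_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 ) > "$2"
}

# Print paths added, removed or modified under $1 since manifest $2 was
# taken. Returns 0 when the tree still matches, 1 when it does not.
check_manifest() {
    cm_now=$(mktemp) || return 2
    make_manifest "$1" "$cm_now"
    cm_rc=0
    if ! diff "$2" "$cm_now" > /dev/null; then
        cm_rc=1
        diff "$2" "$cm_now" | sed -n 's/^[<>] [0-9a-f]*  //p' | LC_ALL=C sort -u
    fi
    rm -f "$cm_now"
    return "$cm_rc"
}

# Print files and directories under $1 that any local user can write to.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Constructed demonstration on a throwaway tree (not a real WordPress install).
demo() {
    d=$(mktemp -d) && m=$(mktemp) || return 2
    mkdir "$d/wp-content"
    echo '<?php // config' > "$d/wp-config.php"
    echo '<?php // theme'  > "$d/wp-content/index.php"
    chmod 640 "$d/wp-config.php"; chmod 644 "$d/wp-content/index.php"
    make_manifest "$d" "$m"
    echo '<?php // tampered' >> "$d/wp-content/index.php"   # simulated change
    chmod 666 "$d/wp-content/index.php"                      # simulated bad mode
    echo "changed since baseline:"; check_manifest "$d" "$m" || true
    echo "world-writable:";         world_writable "$d"
    rm -rf "$d" "$m"
}
demo
```

Run `make_manifest` right after each update or backup and `check_manifest` on a schedule; a non-zero return with no matching update is the signal to investigate.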