[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: php

On 08/10/11 04:24, Glenn English wrote:
> One of my users wants to put up a blog using WordPress. I notice
> there's a package for WordPress in aptitude, but it's in php.

WordPress uses php - regardless of where you get it from.

> I don't do php on my web server because I was told of huge security
> problems in it 

Web servers have huge security problems. The internet has huge security
You've been given poor advice. Make sure you keep WordPress up-to-date.

> -- and until I turned off the php interpreter in
> Apache, I got many break in attempts involving phpAdmin and such.

Which is why you don't run the login page as default.
Over-simplification == dumbing-down - with a logical conclusion ;-p

It's like arguing the obscurity is inferior to open in regards to
security. It fallacious logic. It's *not* and either/or situation - a
mixture of both is superior to either.

Wordpress is a CMS - almost all CMSs use php (and MySQL). All software
has insecurities - not using software is *not* the solution.

Consider *not* advertising the version or type of software you're using,
don't use www.site.tld/admin as the login page, don't use "admin" as the
administrator name, don't forget to check your file permissions, do keep
your software up-to-date, do keep multiple backups *and* use md5 sums.

> Do any of you know of a similar package in, say, Perl or Python? Or
> can anyone convince me that php is safe?

Those are not answerable questions (the latter is a "are you still
beating your wife?" type question!).

Consider carefully what you want to do, and choose the appropriate
software for it.
EG. if you want to run a blog then WordPress is a fine choice
(provisionally), if you want to run a worm farm then Joomla is an
excellent choice (and you'll have lots of company). If you don't want to
spent the time becoming an expert in Apache etc - use hosting.

WordPress is ideal for people with limited time who want a blog (content
changes regularly). It can be "converted" into a website CMS - and a
Ferrari can be converted into a manure spreader (but it's less than ideal).

I hope that somewhat answers your questions. If not perhaps consider
rephrasing them and telling us what you want WordPress for, and in what
circumstances you wish to run it - and we'll suggest Debian solutions
for it.


Reply to: