Problems activating your account? Send notification email to: admin@post4vps.com
Host4Fun Budget VPS Hosting
Poll: Do you recommend the use of Static Website Generators? If yes, which one do you recommend?
Yes. My choice is Jekyll
Yes. My choice is Hugo
Yes. I'm using a different one.
No. I prefer the convenience of a Content Management System.
[Show Results]
 
 

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Do you recommend Static Website Generators - Hugo or Jekyll? Or another one?
#21
(01-13-2020, 04:21 PM)deanhills Wrote:  I find your criticism of WordPress a bit simplistic. Obviously the way you use the WordPress script will determine how secure it will be. I've been using WordPress since 2012 and have done several courses in it too. You can use it both as a static and a dynamic Website. Static in the sense that it has no users, cannot get any feedback - you have the option to untick or tick boxes to make it completely static except for the fact it's still database driven. I've run most of my WordPress sites in this way. Also, there are plugins and plugins. WordPress has a beautiful system where you can check out the plugins before you use them. One should make sure one only uses a plugin that is listed and "vetted" by WordPress - and the list also shows when last the plugin has been updated. One can also easily check feedback of the plugin and support questions. As well as feedback of the styles and possible conflicts with plugins or overuse of resources. All the info is out there - all one has to do is Google it.

Joomla can be a security issue if the script is not up to date, which is easier to happen as it is comparably more difficult to update Joomla from one version to another (particularly when one jumps versions) than WordPress. With WordPress you can put all of your script and plugins on automatic updates. You also have a huge security plugin like WordFence for WordPress, which has an excellent free version as well, that is really good.

The security literature for WordPress is huge. Literature for WordPress is huge. But yes, if you haven't gone the full rounds of learning how to use WordPress properly, then that could be a security issue in its own right. Ditto Joomla. If you're an experienced user of Joomla then you'll probably be more experienced to know how to use Joomla securely vs when you don't know how to use WordPress. WordPress Dashboard for a first time user doesn't work instinctively. You have to figure it out, or maybe do a few courses to fasttrack learning first. Knowledge as we know is always the best security tool. So yes, beginners of WordPress should tread carefully and cautiously. Ditto Joomla first-time users.

I appreciate you taking the time and effort to explain all of that!

I should’ve elaborated a bit more on why I jumped into the conclusion that Wordpress isn’t something you’d want to use. So here it is:

This opinion of mine isn’t brought by my own experience. For a matter of fact, I’ve never used Wordpress nor Joomla. It is brought by what I’ve seen people in the heliohost community (a lot of them!) experiencing when using it.

Almost all of them complain on how much load it causes compared to something like Joomla. And the majority of them say that it’s not secure at all (I can’t say why, as I haven’t paid much attention towards their reasoning). The majority switch to a different CMS (e.g. Joomla) and instantly start talking about how much better it is compared to Wordpress.

This lead me to develop an opinion of my own regarding that Wordpress isn’t something people should use.

However, you have changed that perception of mine and I admit that I am indeed wrong.
Special thanks to Post4VPS and VirMach for providing me with VPS9! It is insanely powerful and fast!
Reply
#22
(01-13-2020, 10:01 AM)ikk157 Wrote:  Many people are complaining that Wordpress is a security nightmare. Specially if you use plugins with it. It also tends to cause high load, not exactly something you’d want.

I wouldn’t personally recommend it. If you want a CMS, use something such as Joomla. But avoid Wordpress if you can.

I don't know who are those many people complain about Wordpress but I can't tell you the problem is on their side, not on Wordpress. Not sure how old you have used Joomla or Wordpress but I have used both since Since 2009. I don't like changes lot so I took my time before movin to Wordpress from Static. I really should have moved to Wordpress couple years before. I have dropped Joomla long time ago. It has lost the compition long time ago.

99% of Wordpress oriented problems are users fault. If it's a hacking 99% times the reason is because people using stupidly simple passwords or not keeping the site updated. A user should never use Admin as username and also always need to use at least 12 chractors as password.

Second thing :- The first you need to do after installing a fressh wordpress installation is do a speed test and mark your site speed without any themes or plugins. (Just use the default theme). Then always check the speed when installed a new theme or plugin.  Also I would only use themes/pugins from Wordpress repository. Even thats only after reading all reviews about those.

If you do those then most of those so call problems won't ever happen. In reality those high load issues rarely happen these days. Servers are quite powerful these days so those can handle. It's something really abnormals its either you have a crappy theme/plugin installed which can easily weed out or you are getting DDOSed by someone which has nothing to do with WP. I have one server where I run more than 30  avarage size Wordpress sites along with 2 big SMF forums. If I get a high load problem that usually caused by one of those forums.

Remember Wordpress is just a tool. A good one which has been built and vetted by the best in the field. If there is something wrong with your Wordpress sites then thats due to how you manage it. Otherwise  Wordpress wouldn't become crazy popular.

~ Be yourself everybody else is taken ~



Reply
#23
(01-15-2020, 12:30 PM)xdude Wrote:  I don't know who are those many people complain about Wordpress but I can't tell you the problem is on their side, not on Wordpress. Not sure how old you have used Joomla or Wordpress but I have used both since Since 2009. I don't like changes lot so I took my time before movin to Wordpress from Static. I really should have moved to Wordpress couple years before. I have dropped Joomla long time ago. It has lost the compition long time ago.

99% of Wordpress oriented problems are users fault. If it's a hacking 99% times the reason is because people using stupidly simple passwords or not keeping the site updated. A user should never use Admin as username and also always need to use at least 12 chractors as password.

Second thing :- The first you need to do after installing a fressh wordpress installation is do a speed test and mark your site speed without any themes or plugins. (Just use the default theme). Then always check the speed when installed a new theme or plugin.  Also I would only use themes/pugins from Wordpress repository. Even thats only after reading all reviews about those.

If you do those then most of those so call problems won't ever happen. In reality those high load issues rarely happen these days. Servers are quite powerful these days so those can handle. It's something really abnormals its either you have a crappy theme/plugin installed which can easily weed out or you are getting DDOSed by someone which has nothing to do with WP. I have one server where I run more than 30  avarage size Wordpress sites along with 2 big SMF forums. If I get a high load problem that usually caused by one of those forums.

Remember Wordpress is just a tool. A good one which has been built and vetted by the best in the field. If there is something wrong with your Wordpress sites then thats due to how you manage it. Otherwise  Wordpress wouldn't become crazy popular.

You have many solid points there which I highly agree with.

However, the one point where you mention that it’s almost always the users’ fault doesn’t seem to make Wordpress any better in my opinion.

Part of what makes a piece of software good is how hard it is to mess up from the end users perspective. If something is so easily messed up to the point where it no longer gets secure, then that already ruins its overall quality. Bare in mind that not everyone out there is a security expert or a web developer. There are people who don’t know any of that and simply just want to host their own website. Now if the software they’re using isn’t inexperienced people proof, it already makes it unsuitable for a good amount of people. And that’s exactly the case with Wordpress! If you know what you’re doing, then you’re all set. However, if you’re just getting started, then there’s a good chance that things could go terribly wrong for you.

“ I don't know who are those many people complain about Wordpress”

Well I’m part of the heliohost community (I’m a voluntary helper in their discord). And the users are constantly complaining about the heavy load Wordpress causes. Even the admins hate it so much! And everyone that switched to an alternative such as Joomla never faced these problems again!
Special thanks to Post4VPS and VirMach for providing me with VPS9! It is insanely powerful and fast!
Reply
#24
The Wordpress core as in the software itself with its default theme and nothing else additional 3rd party is actually quite secure because it has a somewhat big development team behind it and even the community helps a lot by reporting bugs. So if you setup a fairly stock Wordpress blog without any 3rd party themes or plugins and use a good password the chance to get hacked is really small (still might be hidden bugs that hackers might discover and you might fall first as victim to these new bugs). Of course since usually bugs and security holes are patched quite fast it is always recommended to keep up to date. That'll reduce the chance to get hacked again.

However once you add 3rd party content the chance of getting hacked is I would say turning into an unknown equation. You might wonder why? Well, all this 3rd party stuff is usually not updated and maintained so well and plugins often contain amateur security issues that could have been avoided (TL;DR: no one does proper QA on what they seem to release). And as fancy as themes look nowadays... many of them are not themes (CSS/JS/IMG/FONTS) anymore. They all contain a lot of code mostly for this and that function and this code is very faulty often. You might be as up to date as possible with those plugins and still get hacked by masses because simply no one really either reports the issues with the theme/plugin and no one fixes it. Only some real big plugins or themes (usually actually provided by WP devs Automatic or other big design/code sites) are maintained somewhat properly. And even with that you sometimes get literally news article on IT sites about popular Wordpress themes or plugins having some serious security holes that have left thousands of blogs open to attacks for a long time.

3rd party content for Wordpress is a big issue in terms of security and bugs. It's a big like the wild west. Everyone does what they want without real consequences. No one seems to help each other with things other than developing code or themes but not really fixing/reporting issues. Some kind of QA is missing as in plugins and themes with easy to avoid issues pass through and are allowed on the Wordpress Extend site where everyone can download and install them. And all of this is usually simply out of control for the average Wordpress user that uses it as just what it is "a tool".

I have had experience myself with this 3rd party stuff being not secure. In the past a blog that I hosted since 2009 was hacked once due to a faulty plugin (yes everything was up to date) and the hackers implemented a fake Microsoft Outlook site. I got rid of the plugin and removed all traces of the hack and everything was fine again. So you see sometimes once plugin is enough... and you're up for it really big (heads up to Strato for not going ape and simply absolutely suspending the service without a chance to fix it). And before anyone starts: we use strong passwords, the server is always up to date, login is only possible via SSH public key and we even use 2FA on the Wordpress Admin. Reason for the hack was another plugin and it was easy to figure out by simply searching for "wordpress hacked and showing outlook phishing site" or a similar search term (it was years ago by now so I don't remember what I searched for on Google to get clues and tips but it was easy to find). I found a nice article on a Wordpress site where that hack was discussed and everyone had this one thing in common: the plugin that had security holes.

@deanhills can share his fair experience with his blog getting hacked despite being up to date and all setup properly.
Reply
#25
@ikk157

Think about Wordpress as a knife. if you cut yr self while doing something it's not knife's fault, is it ? I'm part of several big affiliate forums like BlackHatWorld. I rarely see members come compain about Wordpress blogs getting hacked or load problems. Those people from your forum, they should have try to find where is the problem since almost all of them had the same problem. Because it sounds like a common problem there. Not sure if all of them use the same server though.

Wordpress core it self nearly perfect for avarage web user. It has no high load problems and security is superb. Like I metioned before these problems start when you start adding Themes and Plugins. All you have to do it find the trouble maker and get rid of it. Another reason is using those fancy banner systems. Also there widgets do this too. Specially if you have a bad social widget.

More than 35% of all sites out there today are based on Wordpress. No other framework or script comes even near to this. There are so many people using Wordpress. But yes there are cons. If all you want is just couple of static pages whic won't be updated for a long long time then Wordpress is useless. If you too late to keep things updates and take regular backups then again Wordpress is not for you. Also if you don't do backgroud check before using themes or plugins again better not use Wordpress.

For example I only use default themes or themes which has been around for a while. If a theme developer hasn't updated them theme for 5 Wordpress updates I start looking for an alternative. Also I have started studying Elementor because I want to stick with one builder and do my own customizations.

~ Be yourself everybody else is taken ~



Reply
#26
(01-16-2020, 06:13 AM)Hidden Refuge Wrote:  @deanhills can share his fair experience with his blog getting hacked despite being up to date and all setup properly.

Unfortunately I don't have a clue what happened.  I've published the identical blog on different VPSs and haven't ever had it hacked in any of the other VPSs.  So can't help but think the hacking had nothing to do with the WordPress blog - there was a manipulation of something in the DNS of the VPS through the IP that may have been inherited and associated with rogue domains that still carry that IP to this day.  

I've had the same blog running on VPS 9 for a very long time.  Also on HostUS for a while.  So chances should have been that those blogs would have been hacked too.  Identical meaning I have a backup of the blog that I use as a template   I imported it into a newly created WordPress blog on my Contabo VPS and then modified it.  Added new blog posts and changed the content of the pages.  I did the import with the All-in-one WP Migration Plugin which I use to move all of my WordPress sites.  Same style, same plugins. All I did was to change the content of the WordPress blog - pages and new posts.  Blog as always was disabled for feedback - it's basically a static site for all intents and purposes.  So unfortunately I can't contribute anything of value here as I don't have a clue what happened.

Greatest irony was that when the Contabo technicians checked after the hack report had been received, they couldn't find hack files on my VPS either.  They thought I'd fixed it.  So no one has provided me with a logical explanation yet for what happened.  I haven't received real and convincing proof yet that my blog has been hacked.  And since that happened in June 2019 I've been using the same blog with same style and plugins in two VPSs with no hacking at all. So far any way. Tongue
Terminal
Thank you to Post4VPS and VirMach for my VPS 9!  I'm finally up and running again after the upgrade to KVM.
Reply
#27
TBH, i have never used any SSG's, but i believe it truly depends on what king of website you want to make..
I love CMS for matter of fact, it solves many problems for both static and dynamic websites interms of design, url management and more...
Reply
 


Possibly Related Threads...
Thread Author Replies Views Last Post
  Best self-hosted website builder ikk157 7 102 02-18-2020, 04:27 PM
Last Post: ikk157
Wink Checkout my website please and tell me how can i improve it zakilm10 7 298 10-22-2019, 02:14 PM
Last Post: deanhills
  Automatically reduce the size of photos on the website huuthi95 3 707 12-15-2018, 02:47 PM
Last Post: Honey
  My client's website that I made for FREE Manal 19 2,007 11-26-2018, 06:33 PM
Last Post: KGIII
  lets make a website together. perryoo11 5 1,147 09-19-2018, 10:42 AM
Last Post: perryoo11

Forum Jump:


Users browsing this thread: 1 Guest(s)
Hostlease

Sponsors: VirMach - Host4Fun - CubeData - Evolution-Host - HostDare - SSDBlaze - Abc-Hosters - Hyper Expert - Shadow Hosting - Bladenode - Hostlease


About Post4VPS

Post4VPS is a forum/destiny where you can Delploy Your Free VPSs just by the Power of Posts.

We Provide VPSs of many locations like Germany,US,Canada,France,London,etc.

We also Provide VPSs of Both Linux and Windows OS.