WordPress Help
Stephen Warren
swarren-tag-list-nclug at wwwdotorg.org
Wed Mar 22 16:28:29 UTC 2023
TBH, WordPress's fundamental design actively encourages security issues;
the site code being able to write to its own installation directory in
order to support uploads, updates, plugin installation, etc. is the
opposite of good security practice. I can't in good conscience recommend
that anyone run it. Instead, use a static site generator like Jekyll or
any of the many, many alternatives.

That said, if you have to run WordPress, I suggest:
- Enable automatic core and plugin updates.
- Install an absolute minimum number of plugins.
- Install a security plugin that can block known-bad requests, report
issues, etc. FCCH uses WordFence. I don't know much about it, since
someone else installed it...
- Set up a nightly/more-often backup process that reports which files
have changed, so that if someone tampers with them, you will immediately
see the issue and can re-install.

For the form: Perhaps use Google Forms? This is trivial to set up, dumps
the result in a spreadsheet which can be exported to CSV/... via the UI
or accessed via an API, and IIRC it can email you every time there's a
new submission. The downside of course is giving your data to Google,
but form submitters don't need to have a Google account.

On 3/22/23 10:07, Bill Thorson wrote:
> NCLUGers,
>
> I have only done one WordPress site and that was 12 years ago. It is
> grossly out of date (WP 3.0.4) and insecure because I've not kept up.
> It is not a widely known site on purpose and has luckily not had any
> problems. Now I am moving it to the cloud and the latest version of
> WordPress (WP 6.1.1). I've got it mostly done but am searching for the
> solution for one page.
>
> This website is in support of two scientific mailing lists that I've been
> running for 30 years. These are private lists and I only consider
> membership if they fill out all the info in a special form (see below).
> The page saves the request in a sqlite3 db, emails the info to the admin
> (me), and submits a request for membership to the selected mailman list.
>
> Back then I used a plugin called "Shortcode Exec PHP" to do the form.
> It saves the information to a sqlite3 db and also sends info to the
> admin (me). It looks like "Shortcode Exec PHP" has not been updated
> since 2015. Should I still be using it or is there a better way?
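
One way to implement the "reports which files have changed" step from the list in the reply above, as an added example that is not part of the original messages: a script run from cron next to the backup that hashes every file and diffs the result against the previous run. The function names, the state-file location and the default `wp-content/uploads` layout are assumptions.

```python
#!/usr/bin/env python3
"""Report which files under a site directory changed since the previous run."""
import hashlib, json, os, sys

def build_manifest(root):
    """Map every file path (relative to root, '/'-separated) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if os.path.islink(path):            # record the target, do not follow it
                manifest[rel] = "symlink:" + os.readlink(path)
                continue
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            manifest[rel] = digest.hexdigest()
    return manifest

def diff_manifests(old, new):
    """Return added, removed and modified paths, plus PHP appearing in uploads."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified = sorted(p for p in set(old) & set(new) if old[p] != new[p])
    # Uploads legitimately change, but new or changed PHP there deserves a look.
    php = [p for p in sorted(added + modified)
           if p.startswith("wp-content/uploads/") and p.lower().endswith(".php")]
    return {"added": added, "removed": removed, "modified": modified,
            "php_in_uploads": php}

def nightly_check(root, state_file):
    """Diff against the manifest saved by the last run, then save the new one."""
    new = build_manifest(root)
    try:
        with open(state_file) as fh:
            old = json.load(fh)
    except FileNotFoundError:
        old = {}                                # first run: every file is "added"
    with open(state_file, "w") as fh:
        json.dump(new, fh, indent=0, sort_keys=True)
    return diff_manifests(old, new)

if __name__ == "__main__":
    # Usage (paths are assumptions): check.py /var/www/site /var/backups/site.json
    report = nightly_check(sys.argv[1], sys.argv[2])
    for kind, paths in report.items():
        for p in paths:
            print(kind.upper(), p)
    sys.exit(1 if any(report.values()) else 0)
```

Keep the state file outside the web root and owned by a user the web server cannot write as, otherwise whoever tampers with the site can also rewrite the baseline. Automatic core and plugin updates will show up in the report too, so compare the timing against the update log.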