On Fri, Sep 29, 2017 at 9:11 AM, Rick Moen rick@linuxmafia.com wrote:
Quoting Todd Hawley (celticdm@gmail.com):
I used to maintain a site that ran WordPress, we migrated it to DH and they insisted they could only run WP if our URL included the Dreamhost name in the URL.
How funny.
Yes. Looking back, I highly suspect they didn't want to have to do the work involved in setting up WP for the site and then said, "Oh. You want this? Well then you have to do this for us." Free advertising for them. What a concept. <sigh> Why didn't I realize this at the time? Ah well.
Aha! I wondered why WP had so many security issues. Although from what I'd heard PHP was a nice scripting language and easy to learn. I had no idea it was prone to security issues.
Just for fun, here's a cranky rant giving a full rundown on the problems with PHP: https://eev.ee/blog/2012/04/09/php-a-fractal-of-bad-design/
Interesting piece.
I suspect it's difficult verging on impossible to write good and reasonably secure public-facing PHP code if it does anything significant. In any event, for whatever reason, there are continual, repeating security breakdowns in WordPress itself. Troublingly, these tend to keep occurring over and over in the same areas, suggesting that there are deep architectural flaws that give rise to the recurring implementation flaws, i.e., the underlying problems don't ever get truly fixed, only this week's manifestation of the problem.
If you've been around software for a while, you learn to recognise that pattern. Fixed, this time for sure! Oh darn, here's another one that's technically different, and we've fixed that. Wait, here's another one and a fix for it....
Or you have programming teams on tight deadlines who aren't allowed time to fix a fundamental problem. Instead, they're told to find a patch for a bug and then "when time allows," they'll go back and fix the fundamental problem. Which of course never happens. Or they say, "that's not a bug, that's a new feature." :p
-th