this post was submitted on 28 Aug 2024
349 points (98.3% liked)

Technology

58138 readers
4338 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world
349
Tumblr to move its half a billion blogs to WordPress (techcrunch.com)
submitted 3 weeks ago by neme@lemm.ee to c/technology@lemmy.world
74 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] catloaf@lemm.ee 67 points 3 weeks ago (3 children)

WordPress is built on decades of hacky code, probably more so than Tumblr. I would be shocked if this is an improvement.

[–] Goodie@lemmy.world 28 points 3 weeks ago (2 children)

is it decades of hacky code, or decades of battle tested code?

I haven't touched wordpress in... many years, but I've seen far too many developers look at old code and call it junk... only to break things horrifically when they attempt a rewrite.

[–] catloaf@lemm.ee 17 points 3 weeks ago (1 children)

Hacky.

Wordpress has a reputation for the most moronic security issues. Especially when it's built on PHP, which has its own reputation for moronic security issues. And that's saying nothing about the quality of plugin developers or plugin code.

I've worked on Wordpress sites, plugins, and themes. That was many years ago now, but I doubt it's changed that much. If anything, it's mostly benefited from improvements to PHP.

[–] fake@sh.itjust.works 15 points 3 weeks ago (2 children)

Has to rank as one of the most exploited pieces of software ever.

Definitely be not aided by the fact it's targeting an audience without the skills or knowledge to adequately configure, maintain and monitor it. And the plugin community only makes the vulnerability exposure worse.

[–] sugar_in_your_tea@sh.itjust.works 4 points 3 weeks ago

Yup. I imagine a lot of users install a lot of plugins they don't actually need, which just expands the attack surface.

[–] webhead@lemmy.world 2 points 2 weeks ago

Kind of the old Windows vs Mac problem though. It gets so many exploits because it is so ridiculously popular. No one is going to bother looking for exploits in shit that no one uses right? I'm sure they've got problems like any project but I'm not convinced they're THAT bad. Not to mention a lot of exploits you see are plugins doing dumb shit, not WP itself.

[–] chilicheeselies@lemmy.world 6 points 3 weeks ago (1 children)

Both honestly. Very spaghetti, but noone can deny that it just works from a user perspective. Would I want to maintain the code? Hell no! Do use it as an end user? Hell yeah!

[–] sugar_in_your_tea@sh.itjust.works 1 points 3 weeks ago (1 children)

Nah, not touching that with a 10' pole. There have been far too many exploits for me to feel comfortable putting any of my important data on it. And it's not just that it's popular, the level of sophistication for these attacks are... alarmingly low.

[–] MangoPenguin@lemmy.blahaj.zone 1 points 2 weeks ago (1 children)

It's a public site that'll be backed up regularly, what kind of important data would you be putting out publicly?

[–] sugar_in_your_tea@sh.itjust.works 1 points 2 weeks ago

If it's an e-commerce site, than people's payment info, name, and address. If it has a login, then their login information (which they're most likely reusing elsewhere). Even if it's just a static site, than any data that might be hosted on the same server.

[–] eager_eagle@lemmy.world 13 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

my thoughts exactly. Who in their sane mind sees WordPress as a solid foundation for anything?

you must be truly desperate to come to me for help.

~~Loki~~ WP

[–] Peepolo@lemmy.world 7 points 3 weeks ago (1 children)

Most large publishing companies, the white house and various government departments all use WordPress for their main sites. Its the third party integrations that cause security issues, not the core code.

[–] sugar_in_your_tea@sh.itjust.works 2 points 3 weeks ago (1 children)

Yet the third party integrations are pretty much the whole point of WordPress.

[–] Peepolo@lemmy.world 2 points 3 weeks ago* (last edited 2 weeks ago) (1 children)

Indeed, but using poor ones or not keeping them updated is what causes the wrong opinion that WordPress isn't solid.

30% of the most popular 1000 websites are built on WordPress supposedly.

[–] sugar_in_your_tea@sh.itjust.works 1 points 2 weeks ago

Sure, and who is vetting the plugins? How often are unmaintained plugins replaced in those popular websites? How quickly are vulnerabilities patched and applied?

The whole thing is easy to set up, but unlikely to be properly maintained.

[–] jedibob5@lemmy.world 4 points 3 weeks ago (1 children)

Not as familiar with WordPress, but if that's the case, yeah, I don't have high hopes for this going well...

[–] Woovie@lemmy.world 3 points 3 weeks ago

Every comment in this thread might as well be hearsay. I wouldn’t take it too seriously. I think I’ll trust the corporation that runs wordpress.com and maintains the open source WordPress project instead to know what they’re doing with WordPress.