heldercervantes Posted December 19, 2017
Hey guys, some light reading: https://supertiny.agency/en/blog/how-secure-is-your-website/
This discussion pops up from time to time, and this is something I usually point out every time I show PW to a new client, so I thought it would be nice to write a permanent post on the subject. Enjoy.
psy Posted December 19, 2017
@heldercervantes Oops... shared your great blog post on Facebook and concerned it may have gone viral
monchu Posted December 19, 2017
IMHO the topic that PW is more secure than other CMS is not a good strategy to promote PW itself. Drupal is one of the oldest CMS, and there are a lot of hackers around the world eager to test it. WP as well. PW is quite new in the CMS world and not popular yet. So if until today PW is not listed in Secunia, it doesn't mean that PW is tough enough from hackers. Maybe yes maybe not ...
elabx Posted December 19, 2017
> 1 hour ago, monchu said:
> IMHO the topic that PW is more secure than other CMS is not a good strategy to promote PW itself. Drupal is one of the oldest CMS, and there are a lot of hackers around the world eager to test it. WP as well. PW is quite new in the CMS world and not popular yet. So if until today PW is not listed in Secunia, it doesn't mean that PW is tough enough from hackers. Maybe yes maybe not ...

I agree, not to put down doubt Helder's experience or amazing work, but I also think this kind of observations lack context really help ProcessWire look like the awesome CMS it actually is. Marketing wise it might work, but from a developer's perspective I feel this makes us look like fanboys haha (I bluntly accept I am one). Nonetheless, it is good to have these conversations and appreciate the work of promoting the awesome product we all love.
Pixrael Posted December 19, 2017
but @heldercervantes has not said any lie there .. you know any security issue? .. If not, then PW is the safest until proven otherwise
heldercervantes (Author) Posted December 19, 2017
> 5 minutes ago, Pixrael said:
> but @heldercervantes has not said any lie there .. you know any security issue? .. If not, then PW is the safest until proven otherwise

Exactly. If any vulnerabilities show up, there will be listings of it, either on Secunia or somewhere else. Certainly here in this forum, at least. And I do state that none of the listed vulnerabilities on the other platforms are scandalously dangerous.

Of course PW benefits from freshness. I used a similar argument when I defended a proprietary CMS. But in the end, excuses aside, the fact is a compromised PW site is something unheard of in a 10-year-old CMS. That's time enough for something to show up. Whereas if you own a Wordpress site which is "way more mature", you should check for updates every two weeks, just in case, and you risk breaking your site when you update.

Basically the point here was to raise awareness that vulnerabilities do exist and pop up regularly. PW comes out ahead? Great! Hey, 2 alerts a month on WP on average? Come on!
bernhard Posted December 20, 2017
Does anybody know how those security listings work? Where do they get the information? For example if one of my PW sites would get hacked, I would not tell those providers about it.

But another idea just came up in my head... I'll have to think about it... Does anyone know a Linux Server Expert?
Pixrael Posted December 20, 2017
> 2 hours ago, bernhard said:
> For example if one of my pw sites would get hacked, I would not tell those providers about it

..but maybe you tell to us.. ..
Rudy Posted December 20, 2017
Security by obscurity. That's where ProcessWire is currently in.
bernhard Posted December 20, 2017
> 4 minutes ago, Rudy said:
> Security by obscurity. That's where ProcessWire is currently in.

That's not true and an unfair statement in this context. I agree that "no listed vulnerabilities" is no proof of security but it does also not mean that security is not a main goal. Security by obscurity definitely helps to protect us from lots of threats but it's definitely not the only and also not the most important part of the puzzle... https://processwire.com/docs/security/
adrian Posted December 20, 2017
> 4 hours ago, bernhard said:
> Does anyone know a Linux Server Expert?

I know my way around, but "expert" might be a stretch depending on what you want to do. Are you looking for Linus' clone or someone who knows how to compile source code, or somewhere in between?
SamC Posted December 21, 2017
I've been retweeting this article, was a good one