Jump to content

Blog post: How secure is your website?


heldercervantes
 Share

Recommended Posts

IMHO the topic that pw is secure than other CMS is not a good strategy to promote pw itself.

Drupal is one of the oldest CMS, and there are a lot of hackers around the world eager to test it. WP as well.

PW is quite new in cms world and not popular yet. So if until today PW is not listed in Secunia, it doesn't mean that pw tough enough from hackers. Maybe yes maybe not ...

  • Like 4
Link to comment
Share on other sites

1 hour ago, monchu said:

IMHO the topic that pw is secure than other CMS is not a good strategy to promote pw itself.

Drupal is one of the oldest CMS, and there are a lot of hackers around the world eager to test it. WP as well.

PW is quite new in cms world and not popular yet. So if until today PW is not listed in Secunia, it doesn't mean that pw tough enough from hackers. Maybe yes maybe not ...

I agree, not to put down doubt Helder's experience or amazing work, but I also think this kind of observations lack context really help ProcessWire look like the awesome CMS it actually is. 

Marketing wise it might work, but from a developer's perspective I feel this makes us look like fanboys haha (I bluntly accept I am one)

Nonetheless, it is good to have this conversations and appreciate the work of promoting the awesome product we all love.

Link to comment
Share on other sites

 

5 minutes ago, Pixrael said:

but @heldercervantes has not said any lie there .. you know any security issue? .. If not, then PW is the safest until proven otherwise :P

Exactly. If any vulnerabilites show up, there will be listings of it, either on Secunia or somewhere else. Certainly here in this forum, at least. And I do state that none of the listed vulnerabilities on the other platforms are scandalously dangerous.

Of course PW benefits from freshness. I used a similar argument when I defended a proprietary CMS. But in the end, excuses aside, the fact is a compromised PW site is something unheard of in a 10 years old CMS. That's time enough for something to show up. Whereas if you own a Wordpress site which is "way more mature", you should check for updates every two weeks, just in case, and you risk breaking your site when you update.

Basically the point here was to raise awareness that vulnerabilities do exist and pop up regularly. PW comes out ahead? Great!

Hey, 2 alerts a month on WP on average? Come on!

  • Like 3
Link to comment
Share on other sites

Does anybody know how those security listings work? Where do they get the information? For example if one of my pw sites would get hacked, I would not tell those providers about it ;)

But another Idea just came up in my head... I'll have to think about it... Does anyone know a Linux Server Expert?

Link to comment
Share on other sites

4 minutes ago, Rudy said:

Security by obscurity. That's where ProcessWire is currently in. 

That's not true and an unfair statement in this context. I agree that "no listed vulnerabilities" is no proof of security but it does also not mean that security is not a main goal.

Security by obscurity definitely helps to protect us from lots of threats but it's definitely not the only and also not the most important part of the puzzle...

https://processwire.com/docs/security/

  • Like 2
Link to comment
Share on other sites

4 hours ago, bernhard said:

Does anyone know a Linux Server Expert?

I know my way around, but "expert" might be a stretch depending on what you want to do. Are you looking for Linus' clone or someone who knows how to compile source code, or somewhere in between :)

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...