
definitive

Original poster
A lot of designers as of late have started to build their clients' sites using WordPress. Is it really a safe and smart way to build sites? I see WP updates from time to time to fix security holes, and I was wondering if it's a good idea to build websites out of it? After all, most clients who have these sites built for them don't know much about web design, so I'm assuming that they wouldn't have much of a clue on how to update WP, or even troubleshoot their site if the new version of the update breaks some feature...
 
WordPress is open source and has a lot of people looking at its code making it more secure every day. Can the same be said about a regular developer's code? Nope. A developer could just as easily create a SQL-injection issue as WordPress, but the WordPress one would get caught much faster.
 
A lot of designers as of late have started to build their clients' sites using WordPress. Is it really a safe and smart way to build sites? I see WP updates from time to time to fix security holes, and I was wondering if it's a good idea to build websites out of it? After all, most clients who have these sites built for them don't know much about web design, so I'm assuming that they wouldn't have much of a clue on how to update WP, or even troubleshoot their site if the new version of the update breaks some feature...

it's very easy

restrict them to change only what you want them to change so that they don't break your design

the creator's idea of wordpress was that he wanted something so easy to blog with that his mom could do it.. there's not much to teach other than how to login and post an entry
 
...using WordPress. Is it really a safe and smart way to build sites?

Yes.

...I see WP updates from time to time to fix security holes, and I was wondering if it's a good idea to build websites out of it? ...

Most of the point releases you see are bug fixes rather than security updates. The major releases (2.9, 3.0) are mainly feature upgrades. WP itself is open source and pretty secure, as others have said above. If you keep your WP install updated (see below), only use plugins you trust, that are well supported and frequently updated (and keep updating those plugins), and take some basic precautions like using strong passwords and password protecting the wp-admin directory, you'll be fine.

...so I'm assuming that they wouldn't have much of a clue on how to update WP, or even troubleshoot their site if the new version of the update breaks some feature...

Updating WP is now about as easy as it gets, and can be done automatically via the Dashboard. Plugins likewise. As to breaking features (I assume you mean plugins), then it's really a case of (1) making sure that any plugins have been updated to be compatible with the newer release of WP before upgrading and (2) backing up before you upgrade (as well as regular backups anyway!).
 
WordPress is open source and has a lot of people looking at its code making it more secure every day. Can the same be said about a regular developer's code? Nope. A developer could just as easily create a SQL-injection issue as WordPress, but the WordPress one would get caught much faster.

I'm not too familiar with the database side of web development, so how would a basic HTML/CSS website (5-6 pages with only information and a PHP contact form with CAPTCHA) be under an equal security risk as a WordPress installation, provided the server-side software is the same on both types of sites? Wouldn't WordPress be under a higher risk of getting hacked?
 
I'm not too familiar with the database side of web development, so how would a basic HTML/CSS website (5-6 pages with only information and a PHP contact form with CAPTCHA) be under an equal security risk as a WordPress installation, provided the server-side software is the same on both types of sites? Wouldn't WordPress be under a higher risk of getting hacked?

WP isn't perfect; it does have some security flaws, but those nice folks do make a habit of updating the software when it's reported (just takes a little time). The nicest thing is its ability to self-update, without the end user touching any FTP application.

Personally, I still prefer MT.
 
Wouldn't WordPress be under a higher risk of getting hacked?

Only a little less secure. If the pages aren't going to be changed and the client doesn't need to be able to alter content, you could turn off access to the DB that entails modifying any information (read-only), and you could remove admin and editing type pages from WordPress, which would greatly improve security and make it nearly as secure as a completely static web site.
 
Only a little less secure. If the pages aren't going to be changed and the client doesn't need to be able to alter content, you could turn off access to the DB that entails modifying any information (read-only), and you could remove admin and editing type pages from WordPress, which would greatly improve security and make it nearly as secure as a completely static web site.

could you recommend a website that has a tutorial on how to do this?
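
Added example, not part of the original thread: one way to do the read-only database step described above, assuming MySQL or MariaDB and the default `wp_` table prefix. The schema name `wordpress`, the account names `wp_user` and `wp_readonly`, the host and the password are placeholders.

```sql
-- Added example; every name and the password below are placeholders.
-- Run steps 1-3 as a database administrator.

-- 1. Review what the account WordPress currently connects with is allowed to do.
--    A typical install has ALL PRIVILEGES on its schema, which the public
--    site does not need if nobody edits content through it.
SHOW GRANTS FOR 'wp_user'@'localhost';

-- 2. Create a second account that can only read the WordPress schema.
--    No INSERT/UPDATE/DELETE, no DDL (CREATE/ALTER/DROP), no FILE, no GRANT OPTION.
CREATE USER 'wp_readonly'@'localhost'
    IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_PASSWORD';
GRANT SELECT ON `wordpress`.* TO 'wp_readonly'@'localhost';

-- 3. Confirm the new account holds nothing beyond SELECT on this one schema.
SHOW GRANTS FOR 'wp_readonly'@'localhost';

-- 4. Negative check: reconnect as wp_readonly and try a harmless write.
--    The server should refuse it; if it succeeds, the account is not read-only.
UPDATE `wordpress`.`wp_options`
   SET option_value = option_value
 WHERE option_id = 0;

-- 5. Keep the original full-privilege account for maintenance windows only,
--    and rotate its password so the old value in wp-config.php is useless.
ALTER USER 'wp_user'@'localhost'
    IDENTIFIED BY 'REPLACE_WITH_A_DIFFERENT_RANDOM_PASSWORD';
```

Point `DB_USER` and `DB_PASSWORD` in `wp-config.php` at the read-only account for the live site. WordPress core and plugin updates, comments, and anything else that stores data will fail under this account, so switch back to the full-privilege account while applying updates.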
 