Wordpress to make regular non-blog websites?

Discussion in 'Web Design and Development' started by definitive, Sep 3, 2010.

  1. definitive macrumors 68000

    definitive

    Joined:
    Aug 4, 2008
    #1
    A lot of designers as of late have started to build their clients' sites using WordPress. Is it really a safe and smart way to build sites? I see WP updates from time to time to fix security holes, and I was wondering if it's a good idea to build websites out of it? After all, most clients who have these sites built for them don't know much about web design, so I'm assuming that they wouldn't have much of a clue on how to update WP, or even troubleshoot their site if the new version of the update breaks some feature...
     
  2. whatsgooddan macrumors member

    Joined:
    Apr 6, 2009
    Location:
    NY, USA
    #2
    Use the really static plugin or wget -mk or something to cache your site and serve up html. :D
     
  3. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #3
    WordPress is open source and has a lot of people looking at its code making it more secure every day. Can the same be said about a regular developer's code? Nope. A developer could just as easily create a SQL-injection issue as WordPress, but the WordPress one would get caught much faster.
     
  4. jbyun04 macrumors 6502a

    jbyun04

    Joined:
    Aug 31, 2008
    Location:
    Canada
    #4
    it's very easy

    restrict them to change only what you want them to change so that they don't break your design

    the creator's idea of wordpress was that he wanted something so easy to blog with that his mom could do it.. there's not much to teach other than how to login and post an entry
     
  5. FourCandles macrumors 6502a

    Joined:
    Feb 10, 2009
    Location:
    England
    #5
    Yes.

    Most of the point releases you see are bug fixes rather than security updates. The major releases (2.9, 3.0) are mainly feature upgrades. WP itself is open source and pretty secure, as others have said above. If you keep your WP install updated (see below), only use plugins you trust, that are well supported and frequently updated (and keep updating those plugins), and take some basic precautions like using strong passwords and password protecting the wp-admin directory, you'll be fine.

    Updating WP is now about as easy as it gets, and can be done automatically via the Dashboard. Plugins likewise. As to breaking features (I assume you mean plugins), then it's really a case of (1) making sure that any plugins have been updated to be compatible with the newer release of WP before upgrading and (2) backing up before you upgrade (as well as regular backups anyway!).
     
  6. definitive thread starter macrumors 68000

    definitive

    Joined:
    Aug 4, 2008
    #6
    i'm not too familiar with database side of web development, so how would a basic html/css website (5-6 pages with only information and a php contact form with captcha) be under an equal security risk as a wordpress installation provided the server-side software is same on both types of sites? wouldn't wordpress be under a higher risk of getting hacked?
     
  7. UltraNEO* macrumors 601

    UltraNEO*

    Joined:
    Jun 16, 2007
    Location:
    近畿日本
    #7
    WP isn't perfect, it does have some security flaws but those nice folks do make a habit of updating the software then it's reported (just takes a little time) The nicest thing is, it's ability to self update, without the end-user touching any FTP application.

    Personally, I still prefer MT.
     
  8. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #8
    Only a little less secure. If the pages aren't going to be changed and the client doesn't need to be able to alter content, you could turn off access to the DB that entails modifying any information (read-only), and you could remove admin and editing type pages from WordPress, which would greatly improve security that would make it nearly as secure as a completely static web site.
     
  9. definitive thread starter macrumors 68000

    definitive

    Joined:
    Aug 4, 2008
    #9
    could you recommend a website that has a tutorial on how to do this?
     
  10. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #10
    The WordPress Codex has a lot of this information in their hardening section. I've done a few of things listed on this page, but have not done everything I mentioned before because I've never needed to do a "static"-based WordPress setup.
     

Share This Page