Hi, Thank you for coming to AWSOM.org. We appreciate you visiting and hope you can support us in our efforts with free and open source software.


On the Same Track as Last Post

February 5th, 2008 by harknell

While it is always more convenient to place as many functions into one centralized site as possible, it is also generally more insecure and prone to problems. Case in point: forum plugins for WordPress. While I know that having one centralized administration area for a forum and your blog site might seem like a good idea, it is not always in your best interest to have this as your setup. Apparently there is a bug in the current version of the WP-Forum plugin that allows malicious users to access your database information.

Whenever you allow users to add content to your site, you create a potentially vulnerable area for someone to exploit. In the case of a forum, it can be especially difficult to program in a manner that eliminates this risk (note how often most forums have security updates: it’s a lot). So you end up with a case where 2 different site concepts are taken out by the most vulnerable element. I almost exclusively suggest that people run 2 different sites with 2 different databases and match them using a common-looking theme. It’s simply more secure to do things that way.

Posted in Critical!, Security, Software Updates, Website Administration

One Response to “On the Same Track as Last Post”

  1. TheWeeJenny says:

    I really couldn’t agree more. I’ve tried it both ways and fortunately never had to deal with someone taking advantage of a security vulnerability, but it was a pain in the butt to manage.

    The forum plugin I tried (it was over a year ago now and I forget what it was called, it wasn’t WPforum though) was abandoned at pretty much the same time as a major WordPress upgrade, so all the posts pretty much had to go bye bye after the upgrade. The plugin just wasn’t compatible and I couldn’t even manually recover text from the posts themselves. It was all too mangled.

    It’s a bit like having a TV with a built-in VCR or DVD player. It’s super convenient, until one function or the other breaks down, then you have to take the whole thing in for repairs and you’re out both. :P