- Bought between 10 and 49 items
- Exclusive Author
- Has been a member for 3-4 years
- Sold between 100 and 1 000 dollars
I’ve never understood why people use wordpress when it’s just an accident waiting to happen.
I understand why wordpress IS a good platform, but it’s one of the poorest platforms when it comes to security; in other words there is none.
Have you ever given anyone access to your wordpress admin? Did you know that they can install a plugin to download your database without needing a password. You can also download your FTP files without a password. If you use the same password elsewhere in your wordpress config they can access that.
If you give someone access to FTP and you have a wordpress install, running an include(”../wp-config.php”) would be all it took to get your password.
So why do you use wordpress and how do you protect your wordpress from attacks like these? Do you only install plugins from people you trust?
- Has been a member for 4-5 years
- Exclusive Author
- Europe
- Bought between 10 and 49 items
- Referred between 100 and 199 users
- Sold between 100 and 1 000 dollars
- Microlancer Beta Tester
Well, I use it because it’s awesome, simple and has a huge community.
I’ve also found a way of dealing with all the above: I never hand out my passwords. Simple. Powerful.
P.S.: it’s WordPress.
- Author had a File in an Envato Bundle
- Grew a moustache for the Envato Movember competition
- Author was Featured
- Community Moderator
- Referred more than 2000 users
- Has been a member for 4-5 years
- United Kingdom
- Repeatedly Helped protect Envato Marketplaces against copyright violations
- Contributed a Blog Post
@ArranMcguire got me using random password gens for wp-config + if you’re giving someone your FTP details… they need to be trustworthy anyway.
and when it comes to security etc, free updates from Wordpress deal with those, right?
+ a massively active community
+ easy to install and a wealth of themes and plugins to make it do pretty much whatever you want it to do
I love wordpress.
- Bought between 10 and 49 items
- Exclusive Author
- Has been a member for 3-4 years
Giving anyone access to wordpress admin is a bad idea obviously. And if you have the ftp details then obviously you have root access anyway.
In regards to passwords they aren’t stored anywhere in the database as plain text. They are encrypted with a one time hash.
All that being said, WP is pretty secure. Unfortunately, if you use a plugin this is probably where vulnerabilities are best exploited. That’s about the only weak link IMO .
- Microlancer Beta Tester
- Repeatedly Helped protect Envato Marketplaces against copyright violations
- Contributed a Blog Post
- Author had a Free File of the Month
- Has been a member for 3-4 years
- Europe
- Bought between 10 and 49 items
- Referred between 1 and 9 users
- Exclusive Author
Why on Earth would I give my passwords to someone else? If you give your password to another person, then don’t “moan” about WordPress’ security, it is you.
- Bought between 10 and 49 items
- Exclusive Author
- Has been a member for 3-4 years
- Sold between 100 and 1 000 dollars
What I meant with FTP was in cPanel, you can create FTP accounts that point to a certain directory, so user “abcd” can only access directory “abcd”. This in itself is secure but they can still eventually work their way to get hold of your FTP files 
- Exclusive Author
- Has been a member for 2-3 years
- Sold between 1 000 and 5 000 dollars
- Romania
Stylius said
Why on Earth would I give my passwords to someone else? If you give your password to another person, then don’t “moan” about WordPress’ security, it is you.
+1 Well said.
- Bought between 10 and 49 items
- Exclusive Author
- Has been a member for 3-4 years
- Sold between 100 and 1 000 dollars
DanThemes said
Stylius said+1 Well said.
Why on Earth would I give my passwords to someone else? If you give your password to another person, then don’t “moan” about WordPress’ security, it is you.
You can create multiple admin accounts in wordpress 
- Sold between 10 000 and 50 000 dollars
- Exclusive Author
- Europe
- Bought between 10 and 49 items
- Referred between 10 and 49 users
- Microlancer Beta Tester
- Has been a member for 2-3 years
Don’t allow people you don’t trust to access the admin panel or your FTP , actually don’t give them access to anything if you’re not 100% sure they can be trusted 
- Microlancer Beta Tester
- Sold between 250 000 and 1 000 000 dollars
- Author was Featured
- Item was Featured
- Has been a member for 4-5 years
- Author had a File in an Envato Bundle
- Referred between 200 and 499 users
- Author had a Free File of the Month
cosmincotor said
Don’t allow people you don’t trust to access the admin panel or your FTP , actually don’t give them access to anything if you’re not 100% sure they can be trusted
Exactly.
