New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Good, now it's clear that you're a little bit new to the JAMstack term and still doesn't know that JAMStack doesn't mean it's a static site at all.
Just sit down and have a read:
https://css-tricks.com/5-myths-about-jamstack/
https://jamstack.wtf/#dynamic-parts
and then come back arguing your site from 2007 is a JAMstack which fetches comments via Ajax that simply can't be correctly indexed by search engines.
When I was a noob I would find another theme and change the css until it looked like the other one :O
I think, @raindog308 nailed it quite well. Wordpress may be a sh_tty software seen from a pro developers point, but it pretty much is what FrontPage was 15 years ago: The way to somehow put something like a website together and used by millions upon millions of people - which also means that it needs to and does address a certain low-skill clientele (not few of which consider themselves to be developers).
Second big point raindog308 got nicely right: it's the aeon old story of efforts vs need. The two extremes are (a) we need something going and our primary focus is content, and (b) we need something that is fast and/or secure and/or safe and/or multi-server or multi-location and/or low-latency and/or ...
The former must and will use some hip clickedy click solution and the latter have engineers figuring out an optimized solution.
And Wordpress is in between, a kind of Frontpage on steroids plus it makes many, many users feel safe because the software and modules are "tested" by large crowds and because humans are herd animals.
People feel safe running WordPress? It's a top zero day target that one should constantly be worried about. One should be a paranoid fuck to run WordPress, IMO.
My logs are filled with WP attacks and I don't run WP.
I wouldn't admit that my first webpage was made with Microsoft Word 97.
My blog has both. I write content in VS Code and rsync to the server.
I only upgrade Hexo if a Node upgrade breaks it. I only touch the theme once a year to upgrade the syntax highlighter.
What if you set IP limits to
wp-login.php
? Then nobody can get in unless you are in the office or enterprise VPN.I only log 200 status code. Problem solved.
Same can be said for DirectAdmin Personal License and other "panels" (in single VPS, not shared hosting providers). I don't use any of them because it's pure overhead and additional security vulnerability.
I didn't read that ...
But then you are a guy who's different from most.
Hmmm, not really. For one I wouldn't bet on the premise that wp-login.php is the only way to get in, plus don't forget that most have a dynamic IP. And he definitely had a point with WP being a top target for hackzors, plus: making anything in PHP, let alone something where installations are cobbled together from plugins all over the place and from diverse origin.
I use WP myself because I had to and I have invested a lot of work in making it safer (but certainly not safe). Short version: I hate it as much as many love it, I avoid plugins wherever feasible and I have a quite "interesting" installation that really tries to achieve some reasonable level of safety ... but I still hate it and consider even the safest, most professionally done WP sites (incl. mine, of course) a rather high security risk.
"log"?? What's that? And which log plugin is the coolest?
No surprise there, basically the same problem constellation. And of bloody course most of them panels have been done in PHP or, yuck, Perl, the only language that might be even worse and a more nightmarish trouble ticket generator than PHP.
An office generally has fixed IP.
Otherwise:
You are supposed to audit all WordPress plugins, WordPress itself, and PHP interpreter.
Oh, don't forget to audit nginx, MySQL, GCC compiler, Linux kernel, Intel firmware...
#DeleteWordPress
I have logging in the frontend HTTP server.
The plugin is FilterEncoder.
What's left?
These are all very secure enterprise grade languages.
"Java
These are all very secure enterprise grade languages."
Bruh..
... or not, depending on many factors such a country, telecom, etc
Plus: it's not "the office" that admins the WP site, it's persons ... who tend to not be stationary.
If one even can, and it would need an organisation of significant size. Such as e.g. universities (oh wait, sorry, they for some reason very rarely provide such a service, let alone for a whole lot of software) or linux (oh wait, sorry, they're more in the 'creating new bugs' business), ...
Nice tag and I'd like to support it ... but won't happen. Way too many sites and even companies based on it.
Does it provide funny graphs and clickedy click stuff?
You are right. But won't happen, see above for reasons.
Nope. "Enterprise" yes, "secure" much less so.
And keep in mind who almost everywhere are the decision makers and what their priority is: efficiency (as in "how to create some software fast and cheap") and cost (and time and other variations of basically the same thing).
Plus, and I name just one example, facebook created "Hack", a less insecure PHP ... and hardly anyone outside of facebook uses it.
Efficiency as in fast and cheap?
All you need is a phone.
Use termux, vim a file, write html markup.
Check the result on chrome at file:///sdcard/hello.html
SSH into a server, vim a main.go file, type 4 lines of code, like:
var x = "< html > hello< /html>"
func main() {
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { fmt.Fprintf(w, x) })
http.ListenAndServe(":80", nil)
}
Why do you ever need a graphical frontend to build a web?
I've code entire SaaS applications from my phone while having sex.
You just dont want to admit that u are effeminate thats all.
fmt.Fprintf
is too inefficient.You should use
w.Write([]byte(x))
.I can code entire website with my toe while doing push-ups.
Btw do you have any push-ups deals?
You came too late:
https://www.lowendtalk.com/discussion/comment/3187022#Comment_3187022
I sold a premium VPS for 19 push-ups.
Noooooooo, imma never get any of those flash deals
Maybe you could sneak something in for me 😉
I think should consider switching to Discourse or Flarum.
If it's not Vanilla, then it's not LET.
Why?
Is there any specific reason why it must be Vanilla?
Switch to phpBB for more attention
@jbiloh Switch to Discourse Please More secure and stable
isnt easier to find someone on fiverr
https://discord.gg/NMxrk9y
But it's just a weak appendage, not the true LET.
Discourse, not Discord :-)
Vanilla is stable and secure...
My personal oppinion.. vanilla is more eye friendly that discourse.
I'd point out something interesting.
There was a high quality forum that was an alternative to LET called vpsBoard. It's still around but virtually dead. @MannDude put a ton of work into it - I mean, really, a ton of work as well as his own money. They even have a kickass logo. It's run on a much more traditional BB software - IPBoard. But it didn't succeed.
Meanwhile, two LET spinoffs are both running Vanilla and both are still around and while I personally don't participate there, I think they're doing well in terms of traffic.
So...I think LowEnders just like Vanilla.
@FAT32 has been hired for the LEB re-write. Further updates to follow.
Big thanks to @FAT32 for accepting the job!
Correct man for the job
I never hated a forum as much as Vanilla purely for the back-loads-the-top of the page instead of previous scrolled view. It has since been fixed and now doesn't drive nails into my brain. The message board for pihole and yunohost are the worst dumpster fire of discussion boards.
Lack of ignore button sucks.
Also dislike that signature wraparound on mobile taking up to 4 lines. But that problem is an 11 on LES and completely ruins that site for me.
@FAT32 's best job is this logo:
Second best is this button: