Displaying 1 To 26 Of 26 Comments WordPress Not The Direct Cause Of Mass Site Attacks @Ted Clayton – go for it Ted…Comments Posted By Terence
riffing off on your straight-up report with a bunch yeah-buts & ya-knows … but you gave me such a great opportunity.
– nobody expects the Inquisition!
» Posted By Terence On March 13, 2012 @ 10:00 PM
@Ted Clayton – the ability to determine exactly what was used to gain access is not always evident, but the fact remains, the SQL credentials are in a known location and often. through inexperience or carelessness, not as well protected as they might be. There now Ted, will you accept that statement without requiring the Spanish Inquisition?
» Posted By Terence On March 13, 2012 @ 6:37 AM
@Scott Schwab – why in particular does Rackspace allow you to get a good night’s sleep?
» Posted By Terence On March 13, 2012 @ 6:23 AM
@Alex (Viper007Bond) – where’s the misinformation Alex?
» Posted By Terence On March 13, 2012 @ 6:22 AM
@Chip Bennett – well if its not exploitable, why does the codex suggest “hardening” by moving the wp-config.php file elsewhere? Seems to me, if its so safe, there’s no need. You can’t have it both ways. But the whole idea of leaving those credentials in plain text, no matter how many other programs do it as well, seems to my non-developer (il)logical thinking, to be an accident just waiting to happen. And for @Ipstenu to say they all do, so its OK, to me seems rather like saying – “those cars all have lousy brakes, it doesn’t matter if my car has lousy brakes too”.
» Posted By Terence On March 12, 2012 @ 5:55 PM
@Ryan Hellyer – its not a “reputation” its fact. Check out your wp-config.php.
» Posted By Terence On March 12, 2012 @ 5:31 PM
@Chip Bennett – if what was true Chip?
» Posted By Terence On March 12, 2012 @ 5:30 PM
With WordPress providing the SQL login and password in plain text in its wp-congfig.php is it any wonder why so many WordPress sites get hacked and WordPress gets the reputation for being difficult to impossible to make secure?
Terence.
» Posted By Terence On March 11, 2012 @ 10:16 AM
Lance Willett Helps Beginners Navigate WordPress Theme Landscape
Where do you start trying to help some people who are so pathetically ignorant (and I don’t mean that in a bad way), that their lack of knowledge includes not only a lack of any real understanding of the technical issues, but also the fact that they are obviously trying to communicate in a second or third language?
This is the Internuts dilemma which, it seems, is not going to be resolved by spoon feeding a simple answer. Apparently, or at least I think I observe, this is the empirical solution at work daily; best to ignore them, so their thirst for knowledge motivates them to study further and learn for themselves, in the depth necessary to solve their problem, rather than just help them with easy answers to their current problems.
Am I right or am I left?
But when helpful advice like RTFM and “Google is your friend” go un-headed, what should be our collective responsibility to them? Any or none?
What do you think?
» Posted By Terence On March 13, 2012 @ 8:27 AM
500 Plugins To Possibly Be Purged From The Repository
The boys got a pair. No style. But definitely got a pair… 8^)
Hey Don? Do you always go for the full monty — even on a first date?
» Posted By Terence On February 27, 2012 @ 11:08 PM
Dr Ahmed Dasuki, if you don’t mind please. And just because I keep you entertained with my totally transparent attempts at hoodwinking the unsuspecting, doesn’t make a bad person, does it? I’ll send you some more spam in a minute. Please have your check ready… 8^)
» Posted By Terence On February 27, 2012 @ 10:58 PM
@Don ~ I do not study taxonomy; not even a technologist. Therefore my comments are just that; comments. From my own experience though, taxonomies are a bit like business plans. No matter how comprehensive they’re restrictive, and at best, they can only guess at what will be in the future. Which is why I pointed you to what Kevinjohn Gallagher was saying in another thread, about the future of WordPress as a CMS.
And as for good old Ted, and whether he works for WordPress or not. I doubt it, but who cares? If he puts out a load of BS and doesn’t expect anyone down the pub to call him on it, he should drink elsewhere. Besides, I only posited the same line of logic he was peddling about your website. I merely suggested how his line of argument might be applied to him and asked him for his opinion.
By the way Don, I have sent you my email address twice. Have you not got it yet?
@Tim H. ~ sorry, I have no idea what you are talking about.
» Posted By Terence On February 27, 2012 @ 10:33 PM
@Don ~ Ted Clayton’s “Work is being done, and the outlines of an ‘intentional’ structure & functionality are coming into view”, whatever that means, doesn’t exactly fill me with confidence. In fact, quite the opposite. So if WP isn’t willing to put any effort into the back-end plugins interface and repository (have you had any dialogue with them on this issue?), why not (why not anyway), add additional functionality to your website and offer plugin authors an alternative WP repository? One which doesn’t make them “jump through hoops to give stuff away” — with all the necessary caveats of course. One thing I would caution though, you’re going to need a lot better taxonomy than the native WP repository provides. And also, if it fills up with thinly disguised freemium and purely commercial plugins, it won’t be very popular. At least not for very long… 8^)
» Posted By Terence On February 27, 2012 @ 8:54 PM
I have to admit that’s an aspect I totally overlooked — the number of authors who have valuable, if not unique, contributions to make, who are totally put off by the intransigence at WP which for years hasn’t been able to see this particular nose in front of their face. I would go so far as to say that it must, at least to some degree, have retarded the growth, as well as the usability, of the platform, as more people than should have done found out it couldn’t do what they wanted it to. Only it could. They just couldn’t find out how and with what.
» Posted By Terence On February 27, 2012 @ 7:47 PM
@Don ~ you mean the possibility of him ‘keeping it real’. Yes, I suppose it was a bit far fetched, that… 8^)
» Posted By Terence On February 27, 2012 @ 7:13 PM
@Ted Clayton ~ would you accept that if, after limited exposure, the indications were you didn’t have enough intelligence to sit the right way round on a lavatory, let alone comprehend the meaning of of the word “evidence”, and for whatever reason, because nobody chose, on your behalf, to defend your level of competence, you were, in fact, totally imbecilic?
No? I didn’t think so.
I suggest, while you have the dictionary on screen and are looking up the meaning of “curmudgeon”, you might also look up and learn the meaning of the word “evidence”. It might help you ‘keep it real’, if nothing else.
» Posted By Terence On February 27, 2012 @ 6:48 PM
@SearchWPPlugins ~ just click on the “reply” button. That’s what its there for… 8^)
» Posted By Terence On February 26, 2012 @ 11:00 PM
@SearchWPPlugins – with difficulty Don (or is it Ed?). But just a tad less difficult than anyone trying to contact you from your website… 8^) Try this and it should find me… q3mrs@tittbit.in
» Posted By Terence On February 26, 2012 @ 10:46 PM
@Don ~ I have stated pretty clearly what I think should be done, but that’s with about 5 minutes thought on the subject.
I think the problem you are always going to have with your concept is that a website, no matter how much you improve it and how good it becomes (and it’s not too shabby at the moment), it doesn’t actually solve the problem most people have. It’s a different answer to a different question. And, as such, it will always be the 2nd port of call for most people.
The difference between 1st and 2nd, by the way, I would guess is probably as profound as being on page 1 of Google’s SERP, or on page 2 — something like about 8,000%
So my suggestion to you would be to read what Kevinjohn Gallagher wrote here — http://www.wptavern.com/case-study-on-how-wordpress-won-the-crown#comment-19000 — then think about the kind of delivery framework, taxonomy, search, select and install tools we will need to manage the WP CMS platform of the future, port all your code to a “WordPress Plugin Directory Assistant” plugin, or whatever you want to call it, and I will help you with the marketing and also with monetization, if that is an issue.
But the main thing is this. Help folk by solving their problem, not your problem. If you do that, you’ll have more success than you know what to do with.
And you might want to keep and eye on this too — http://amazonsilk.wordpress.com/ — which, by the way, I found here — http://ma.tt/2011/09/amazon-silk-on-wp-com/
» Posted By Terence On February 26, 2012 @ 6:58 PM
@Don ~ if I was a developer I would help you. In fact, if I was developer, you might be using *MY* WordPress Plugin Directory Assistant by now. In fact we all might… 8^)
» Posted By Terence On February 26, 2012 @ 4:52 PM
@Chip ~ no I didn’t, of course, why would I? I’m not WP’s corporate lawyer. But if I were, from the limited experience I have had in the past (used to work for DuPont and we had a whole department dreaming up trade names 24/7), I’d probably say… good luck with trying to protect a trade name constructed with two ordinary words from the English language. And also, don’t rattle your sword unless you’re prepared to pay for several tickets to San Diego and a few other sundry expenses. Far better to decide, overall, they’re enhancing your image and promoting your products, and leave them the hell alone, unless that changes. The rest of the bla bla (the link you included), is all corporate weasel words and FUDS put out by corporate lawyers to keep themselves employed, and repeated unthinkingly by corporate manager types who want to be seen to be singing from the corporate hymn sheet. I know, I used to be one. No silly, not a corporate hymn sheet… 8^)
P.S. Just because I don’t agree with you doesn’t make me your enemy.
» Posted By Terence On February 25, 2012 @ 9:59 PM
I just had another thought, after looking at what they’d done over at the http://searchwordpressplugins.com/ site.
Supposing someone like Lead Internet Web Directory ported their code to a plugin, which replaced the whole back-end plugin search/install function within WordPress, and because it was so good, everyone – I mean EVERYONE – started using it? Now wouldn’t that be cool?
I wonder how long the great and the good at WP would spend rearranging the GPL deckchairs when they realized their whole, carefully nitpicked curation effort had been totally circumvented and the market had got the tools it wants instead? I bet it wouldn’t take long for someone to think its important, then, and for the native back-end plugin search/install function to get a suit of new clothes.
You never know, the new guys on the block might even come up with an innovative taxonomy, and create a custom post type with all kinds of useful information (which installs when you install a plugin using their back-end search/installer plugin), such as contact/support info, number of active current users, error rates, real compatibility issues and author bug fix rates, and all kinds of interesting stuff like that. They might even provide a web service which interfaces with their plugin and federates all this useful data (the authors of this new WP Back End Search plugin, that is).
You know, you’d think with such clever people on-board, at least one of them would be able to spot their own weakness and get something done about it… wouldn’t you?
But, what do I know? I am just a marketing guru. Right?
» Posted By Terence On February 25, 2012 @ 10:56 AM
@Jean Galea ~ thank you so much for pointing out the site to me – THE BEST WORDPRESS PLUGIN DIRECTORY SEARCH ENGINE, is definitely what it says it is.. 8^)
It just shows what can be done, even without “inside” knowledge, when your motivations are providing an optimal solution, and not those of defending the status-quo, or doing something else, more important.
Which is really what the whole WordPress plugin repository is all about, providing an optimal solution, that is.
The fact that the internal WordPress plugin search offering has remained untouched and unloved for so long as it has, has to be, obviously, because nobody that matters, apparently, thinks its important enough to do anything about.
Having now found the http://searchwordpressplugins.com/ site, I will definitely be using it as first preference, and save myself both the time and hassle of using WordPress.
Something I thought I would never, ever, have to say.
» Posted By Terence On February 25, 2012 @ 10:06 AM
Ted, thank you. Your words brought a little cheer to an otherwise mirthless day.
But despite the all rhetoric and innuendo, the fact remains, the plugin search interface within WordPress is ancient, creaking and a time-waster. It could, and after all these years should be updated, made really slick – like the rest of WordPress – and additional functionality added to make it a time-saver. To prevaricate and argue otherwise is pedantic and Luddite.
I can agree with you on one thing though — it is a surfeit of riches.
And I’d happily give you my half a clue (so that you have a whole one), if I thought it would do any good.
But despite all the huff and puff, I still don’t hear what’s going to be done about.
8^(
» Posted By Terence On February 24, 2012 @ 5:24 PM
The issue of whether or not 500 quasi GPL licensed plug-ins are de-listed pails into insignificance when compared with the total shambles the whole 18,460 item database is in right now, from an end-user’s point of view.
The hours spent trawling through endless crap which nobody downloads (because that’s all some of it is now), to find the real nuggets, although it could be argued is well invested if you come up with a little gem for free, in my view is a total waste and disrespect of the customer’s time.
Would Mozzila, Firefox or Chrome plug-in users put up with only being able search by a text string? I don’t think so. Why should we?
For example, why can’t the tables have filters so that I can isolate plug-ins that have been tested to work with my WP release (or another I can pre-set)? Why can’t I select to see only 4 or 5 star entries? Why can’t I filter by the most popular of a plug-in type? Why can’t I set up my preferences and have WordPress remember I only want to see specific rating level, a version compatibility level, author or –wait for it– license type (well why not?). I’ll tell you the reason.
Because so far, everyone who has the skills and the authority to do it doesn’t give a shit, or thinks its just trivial, and is more concerned with doing “important stuff” and being famous for 15 minutes at some camp or another.
Well think about this. How about becoming famous *FOR EVER* and being the person who sorted out this mess, turned it into a library named after them (or some Jazz star or another), and made it into the incredible resource which, at the moment, is just being squandered and even worse, driving people nuts for no reason.
Talk about a marketing faux pas. But I forgot, you’re all geeks and don’t know anything about marketing, right? Well, now you at least know something.
It’s about time. Go do it!
» Posted By Terence On February 24, 2012 @ 9:48 AM
Case Study On How WordPress Won The Crown
«« Back To Stats Page@Kevinjohn ~ I always read your comments and wonder how you ever find the time you need to do all the stuff you do, and then find additional time to document the stuff other people don’t do, or don’t do well, so copiously. So its always a surprise when I find you missed out something worthy of, shall we say, constructive criticism? What about that most ancient of back-end tools used to try and sort out useful and worthy plugins from the dros, and install them? Is that not worth even a mention? Maybe even a eency weency little carp? Oh go on. You can do it… 8^)
» Posted By Terence On February 26, 2012 @ 11:27 AM