I got a call at 11:03 PM last year. A client. Panic in his voice. His website was showing a phishing page in Chinese. Every URL redirected to a fake login screen. His customers were messaging him on Facebook asking if he'd been hacked. He had been.

An outdated contact form plugin — one he'd never asked for, installed by the previous developer because it was "free" and saved an hour of custom work — had a known vulnerability. The attacker automated the exploit, dropped a backdoor, and replaced his homepage.

It took me four hours to clean. Two more days to harden everything else. The client didn't sleep that night. Neither did I.

That's not a WordPress bug. That's WordPress economics.

I've been building websites since 2001. I've used WordPress for fifteen of those years. I've built blogs, corporate sites, e-commerce stores, and membership platforms on it. I'm not saying it's a bad tool. I'm saying it's the wrong default for the projects that come through my door today.

The problem isn't…
lots of good points... but this kinda threw me:
'"But WordPress Powers 43% of the Web"
So does gravity. That doesn't make it the right tool for every job.'
Gravity does what now?
I like this form of development, just the minimum of what's needed. It even has me thinking of a side project that I'm working on that's using React, but probably doesn't need it.