WordPress is the most popular blogging software you can find online. You can install it on almost every shared web hosting provider. Popularity may be a great thing for software; however, it can become an all-you-can-eat buffet for "black hats".

Too Many Bots

There are a lot of "back link" and "link popularity" bots on the web just spamming WordPress software. In my logs I noticed these bots have identified that I have WordPress installed and they attempt to hit the specific driver URLs to send payloads. These things are not nice since they are performed in an almost brute-force manner. These bots will also "phone home" a success validation that it is indeed a WordPress site. They can also be clever enough to obtain the version installed! The domain is now stored in their database as a WordPress site for further attacks.
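As an added example (not code from the original post), the probing described above can be spotted in an access log by flagging clients that request several distinct kinds of WordPress-specific paths. The path signatures, the `min_kinds` threshold and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in "combined" log format (documentation-range IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2013:04:12:01 +0000] "POST /wp-login.php HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2013:04:12:01 +0000] "POST /xmlrpc.php HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2013:04:12:02 +0000] "GET /readme.html HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2013:04:12:02 +0000] "GET /wp-content/plugins/example/readme.txt HTTP/1.1" 404 162 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2013:04:13:40 +0000] "GET /blog/why-i-left HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2013:04:13:41 +0000] "GET /wp-login.php HTTP/1.1" 404 162 "-" "Mozilla/5.0"
not a log line
"""

# Client IP and request path from a combined-format line.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+)[^"]*" \d{3} ')

# Assumed signatures: well-known WordPress paths, grouped by what the bot is after.
PROBES = {
    "login": re.compile(r"/wp-login\.php", re.I),
    "xmlrpc": re.compile(r"/xmlrpc\.php", re.I),
    "admin": re.compile(r"/wp-admin(/|$)", re.I),
    "plugin": re.compile(r"/wp-content/plugins/", re.I),
    "version": re.compile(r"/readme\.html", re.I),  # version fingerprinting
}

def classify(path):
    """Return the probe kinds a request path matches (query string ignored)."""
    path = path.split("?", 1)[0]
    return [name for name, rx in PROBES.items() if rx.search(path)]

def find_wp_scanners(log_text, min_kinds=2):
    """Map client IP -> sorted probe kinds, for clients hitting >= min_kinds kinds."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        hits[m.group("ip")].update(classify(m.group("path")))
    return {ip: sorted(k) for ip, k in hits.items() if len(k) >= min_kinds}

if __name__ == "__main__":
    for ip, kinds in find_wp_scanners(SAMPLE_LOG).items():
        print(ip, kinds)
```

Requiring more than one probe kind keeps a single stray request from flagging a client; the flagged addresses can then feed a rate limit or block list.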

Plugin Exploits

How many plugins does the average WordPress install contain? I know for sure I had a dozen active plugins at one point. Come to think of it, a backdoor or malware could have been placed in any of these plugins. It is not hard to write a keystroke logger in JavaScript that can attempt to encode the keystroke strings and ping a pixel image with an encoded query string of the value. These requests are sent to a proxy server that handles that URL and stores your every keystroke. Do a simple Google search for the term hacking wordpress. Enough said. :)

My Custom CMS

I wrote a very lightweight custom CMS. I was using an HTML5 WYSIWYG editor but it's been replaced with a simple plain Jane <textarea> with minor JS added to add "tabs". I often found myself writing in the HTML code view on the WordPress editor anyway.

I'm using the Disqus commenting widget since they provide a lot of spam and security checks on their end. They allow my pages to be discussed socially as well. I got sick of deleting Viagra spam on WordPress. My website loads in 0.02 seconds, which is a huge performance gain compared to WordPress. It took me a weekend to create this basic CMS. I've abstracted out some objects to create a plugin system so I can create additional page widgets such as the GitHub download link and buttons. The time it took proves the RAD (rapid application development) that MVC frameworks provide. If you're a software developer, take a look at MVC frameworks and create your own. If you're not, contact me for a quote on having your very own personal CMS on a custom platform without all the hassles stated earlier.

WordPress is a good blog and website CMS; however, there are just too many problems that I simply cannot keep up with. The updates are getting as bad as Windows updates. This is why I got rid of WordPress and wrote my own.

