What do you expect from future versions of WordPress?

jamilaliahmed

Member
Joined
Mar 9, 2016
Messages
26
Points
1
WordPress now powers up to 26.4% of the web and is continuously increasing its market share. I agree with Robby McCullough co founder at BeaverBuilder as he said 'push for a better customization experience' said here..
Please discuss what are your expectations for future versions of WordPress?
 

HostColor

Well-known member
Hosting Provider
Registered
Joined
Jul 27, 2016
Messages
247
Points
28
Define "customer experience", please. Many folks just use cliches. I would say:
- Make WordPress les vulnerable (as it is quite vulnerable CMS at the moment)
- Make the plugins to be less resource-cinsuming, by setting certain guidelines for plugin development.

Hope that this helps.
 

Hugo E.

Member
Registered
Joined
Sep 8, 2014
Messages
62
Points
0
Hugo E.
This is thing I am caring, I am expecting Wordpress will improve security for their CMS better.
I have seen many sites hacked and it is a weak point if compared WP with other CMS.
 

rshosting

Member
Registered
Joined
Feb 28, 2017
Messages
23
Points
0
Security security and security is the major concern for Wordpress. With everyday hackers trying to invent new ways to brute-force wordpress, Wordpress really need to work on their security. There should be a certain benchmark for themes or plugins to be eligible for production use, which should be implemented by Wordpress at the time of installation and install them only if they qualify.
 

David Beroff

Well-known member
Registered
Joined
Jun 14, 2016
Messages
1,477
Points
63
Security security and security is the major concern for Wordpress.
I quite agree with you, don't know why Wordpress didn't improve the security for their cms over years.

With everyday hackers trying to invent new ways to brute-force wordpress.
Are there any ways to decrease brute-force attacks on Wordpress?
Disable it or 2 level password authentication by a plugin?
 

rankmyhub

Well-known member
Registered
Joined
Feb 14, 2017
Messages
193
Points
18
Are there any ways to decrease brute-force attacks on Wordpress?
Disable it or 2 level password authentication by a plugin?
https://wordpress.org/plugins/wp-simple-firewall/

Check this out. Will help you achieve, what you are looking for. In my experience, we have handled more than 100 wp instance, which never got attacked or hacked till date. As we implement best security practices possible. Most important thing is password security and hiding the wp-admin part, which will kill most attacks. Rest will be easy to tweak.. Regular maintainance is also important to keep wp secure and good.

Thanks.
 

LarsJ

Active member
Hosting Provider
Registered
Joined
Sep 19, 2016
Messages
81
Points
8
The WP security by default is virtually nonexistent unfortunately. I do still believe that free security is not as good as paid for software. Having said that, a WP site with just the basic WP installation is going to get hacked after a matter of time for sure. Brute force attacks are relentless.
 

David Beroff

Well-known member
Registered
Joined
Jun 14, 2016
Messages
1,477
Points
63
Most important thing is password security and hiding the wp-admin part, which will kill most attacks. Rest will be easy to tweak
I agree with you about these, I will not use a plugin to make WP sites secured. That will be more risks because those plugins are shared and it could contain security holes.

The WP security by default is virtually nonexistent unfortunately. I do still believe that free security is not as good as paid for software. Having said that, a WP site with just the basic WP installation is going to get hacked after a matter of time for sure. Brute force attacks are relentless.
I have to agree with you.
Do you use any effective ways to stop Brute force attacks on WP sites?
 

LarsJ

Active member
Hosting Provider
Registered
Joined
Sep 19, 2016
Messages
81
Points
8
The techs we have install something serious for sure but on top of that we use ithemese security which stops a lot of brute force attacks directly targeting WP. Changing the "wp-admin" to something like "login" or "righthere" helps a great deal. Bad guys are just looking for wp-admin all the time. It's unfortunate when a lot of hosts offer Wordpress hosting and clients assume that means WordPress security too...
 

David Beroff

Well-known member
Registered
Joined
Jun 14, 2016
Messages
1,477
Points
63
David Beroff
Are you talking about changing folder name of wp-admin? or using codes to change this?

or using htaccess code to protect wp-admin with a password?

What is the best way?

I normally use a password to protect wp-admin but not sure it is the best way to stop Brute force attacks
 

rankmyhub

Well-known member
Registered
Joined
Feb 14, 2017
Messages
193
Points
18
I agree with you about these, I will not use a plugin to make WP sites secured. That will be more risks because those plugins are shared and it could contain security holes.
If you do not want to trust, plugins, then you should probabily make security stuff yourselves. Which is not so easy for a newbie or even intermediate user. We have to trust developers, if not we have to be a developer, simple.
 

rankmyhub

Well-known member
Registered
Joined
Feb 14, 2017
Messages
193
Points
18
I do still believe that free security is not as good as paid for software.
I would say this is rather a myth. If something is free, it does not mean that it is cheap or not worth using. Infact everyday stuff we use like server OS, softwares and other things are free and open sources and they are tightly secured. There is something called social code of conduct and much more.

You should probabily read more about things, one thing I will convey, do not think free stuff is bad. If it is bad, no servers run linux OS. They will run Mac or Windows lol. But majority of server software is run on linux os which is free and better when it comes to security.

Please read here: https://privacytoolsio.github.io/privacytools.io/#os

For example debian is open source, and free. It does not mean it is inferior to windows or mac. Its just free, but its not mean insecure.

Suggested reading: https://cryptoseb.pw/paper

Note: Its not realted to WP, but I just wanted to say that free is not secure is just a myth.
 

BlueLeaf

Well-known member
Registered
Joined
Apr 11, 2017
Messages
161
Points
18
Security has always been WordPresse's Achilles' heel, but it's not all doom and gloom. By taking basic security measures you reduce the risk of being hacked considerably, and there's plenty of tips and tricks all over the web on how to secure a WP site.

For me, more lightweight plugins are definitely the way to go forward. I would introduce strict guidelines and regulations for plugin development. I would also like more attention to be given to WordPress Multi-Site.
 

LarsJ

Active member
Hosting Provider
Registered
Joined
Sep 19, 2016
Messages
81
Points
8
I'm not saying free is bad. I'm saying the software that costs it usually better. A lot of companies offer free versions of their software and the paid for version is noticeably better with more features. Of course there will be free stuff out there that is great, but the same companies offering two different versions will have a more feature packed one that people pay for. So yes, CentOS is free and great, Windows is not and no that doesn't mean it is "better". There is also the issue of charging for software that comes with support for example. That could be listed as "better" too.

Also, for David's issue mentioned earlier, changing the default WordPress login page, can help significantly. iThemes has that option under advanced settings called Hide Backend. "Hides the login page (wp-login.php, wp-admin, admin and login) making it harder to find by automated attacks and making it easier for users unfamiliar with the WordPress platform."
 
Recommended Threads
Replies
16
Views
6,843
fwh
Replies
5
Views
3,123
Replies
4
Views
1,434

Latest Hosting OffersNew Reviews

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top