[CDBUG-talk] FTP user for Wordpress Management
doon at inoc.net
Mon Aug 15 11:03:59 EDT 2016
> On Aug 15, 2016, at 10:47 AM, Jaime <jaime at snowmoon.com> wrote:
> On Monday, August 15, 2016, Dustin J. Mitchell <dustin at v.igoro.us> wrote:
> To be fair, just about any wordpress installation is so ridiculously insecure that this hardly matters. The sites themselves are almost never behind SSL..
> That sounds a lot like, "My cholesterol is so high that it doesn't matter if I stop eating salted lard or not."
> You have to start somewhere.
Have any you actually met your average user that wants webhosting? For a non trivial amount of them FTP is challenge, hence the want to use Wordpress so they can drag/drool their way through it. And in mass hosting giving the above person shell access is horrible.
And from what I've seen, that majority of hosting works this way.
Customer pays "web developer" a dumb amount of money for a website. "Web developer" installs WP, and a template. Then basically GTFOs. Customer uses WP-ADMIN to add content, etc... Never updating anything (this is better now, but developers choice of sketchy plugins still an issue). Site gets compromised, Fight between Developer and Customer cause Customer didn't pay for the maintenance, customer gets new "developer", lather, rinse, repeat...
Now that being said it is entirely possible to use FTPS/SFTP for all the interactions off net and just run an FTP server on localhost for the tool to interact with each WP instance. If someone sniffs your password on localhost, then you've got way more issues than SSL is going to solve..
Don't try to out-weird me, three eyes. I get weirder things than you in my breakfast cereal.
- Zaphod Beeblebrox, The Hitchhiker's Guide to the Galaxy
More information about the CDBUG-talk