[lug] web site advice needed

Quentin Hartman qhartman at gmail.com
Tue Sep 3 11:54:48 MDT 2013


So, my advice for this boils down to "The quality of a service installation
is directly related to quality of the admin(s) who manage it.". If someone
does a half-assed job of installing _any_ web application, it will fall
over under load and be vulnerable to attack. I have yet to see one that has
any kind of reasonable featureset that is hardened and performant out of
the box. So, whatever you pick, learn it well, and take the time to set it
up right.

It's hard to go wrong with WordPress as a blogging platform, and it is what I
usually recommend to people starting out. It does require some post-install
configuration to make it as safe as possible and handle large loads.
There's tons of resources online about hardening WordPress and dealing with
CCU spikes, so I won't try to repeat it all here. Probably the two most
important things you can do if your design can accommodate it are to
obfuscate the login page and disable anonymous comments. That will protect
you from the vast majority of the WP vulnerability trollers out there.

One tool I've found useful to make sure what you're doing actually worked:
http://wpscan.org




On Mon, Sep 2, 2013 at 6:56 PM, Robert Racansky
<robert.racansky at gmail.com> wrote:

> On Sun, Sep 1, 2013 at 2:58 PM, Robert Racansky
> <robert.racansky at gmail.com> wrote:
> > So I've set up a web site to promote my upcoming book.
> >
> > Right now, it's just a static site with a "Coming Soon" message.
> >
>
>
> One thing I forgot to ask -- online payment / donation service.
>
> ie, I want to be able to put a "Donate" button on the main page, so
> people can donate to my legal defense fund.
>
> But it's not something I want to install on my own server  ( unless
> it's really easy, but then there's the issue of separating the web --
> app -- DB servers again ).
>
>
> The only 3rd party provider of such a service I'm aware of is Pay Pal.
>  Are there any others?   Are there any I should avoid using?
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
>