[TriLUG] Wordpress alternatives
Randy Barlow
randy at electronsweatshop.com
Tue Apr 1 16:45:52 EDT 2008
Engle, Victor wrote:
>> There was a really good photography blog that went down
>> recently (Multimedia shooter) due to a vulnerability in
>> Wordpress. Now, I'm a smart enough guy to back up my database
>> (unfortunately, they weren't) but who wants the hassle of
>> dealing with a compromised website?
>
> Just for the benefit of those of us using Wordpress and planning to
> continue would you please post any additional details, if you have any,
> about that site which was compromised because of a security hole in
> Wordpress. Was it an old version of Wordpress and was it a known
> vulnerability?

You know, honestly I don't know. I didn't mean that to say that nobody
should use Wordpress. The sysadmin wasn't backing up their database, so
it's probably the case that they also weren't keeping Wordpress up to
date (i.e., I'd venture to guess it was an old version) but you'd have
to find out about that on your own if you wanted to know. Didn't mean
to be dogging Wordpress though. Actually, those of you who stick up for
Wordpress have got me considering it again. It sounds like the best
policy for web apps is to go without a package manager. And Matt, you
are right about the Gentoo GLSAs in general. There are some times
though where they will mask a package rather than fix it if it doesn't
look like upstream will. Whatever the case may be, keeping up with
upstream when there are constant patches must be a lot of work, so I
don't blame the Gentoo devs too much there as I know they are short of
volunteers.

I did install b2evolution from portage (it's an older version). It
seems pretty cool, but I do like Wordpress a little better. It seems to
be maybe a little heavier than Wordpress. And the idea of many eyes on
the code is one of the better security principles I know of (though
obviously not foolproof at all). Thanks again!
--
Randy Barlow
http://electronsweatshop.com