[ale] [EXTERNAL] Hosting wordpress at home
Allen Beddingfield
allen at ua.edu
Wed Dec 6 09:24:32 EST 2023
I am typically the guy who never trusts anything that isn't running on a server under my control, but in this case, it would be a LOT less headache to just create a cheap VM on Vultr and run it there. If they do go the route of home-hosting, definitely follow the advice that has already been given regarding segmenting the network off. I administer a large web environment at work, where we primarily run WordPress (think hundreds of sites), and the two main attacks we see are: 1. Exploit some vulnerability to implement a PHP shell, where they will either do scanning of the network, or attempt a local privilege escalation exploit to gain control of the web server. 2. Compromise the site in a way that it still functions but tries to serve out malware, or inject PHP files into the data directory to server out their own content by directly linking to it in spam e-mails (think "pharmacy" sites, etc...)
Being a person who deals with a LOT of WordPress at work, I would say don't use WordPress unless you have to. In our environment, "Wordpress" equals "website"....people use it when a simple handful of HTML of PHP files would suffice....then, Wordpress needs constant care and feeding....
Allen B.
--
Allen Beddingfield
Systems Engineer
Office of Information Technology
The University of Alabama
Office 205-348-2251
allen at ua.edu
________________________________________
From: Ale <ale-bounces at ale.org> on behalf of Boris Borisov via Ale <ale at ale.org>
Sent: Tuesday, December 5, 2023 4:31 PM
To: Atlanta Linux Enthusiasts
Cc: Boris Borisov
Subject: [EXTERNAL] [ale] Hosting wordpress at home
Friend of mine wants to move hosting at home. What would you use to make it happend. Hardware and software. Suggestions appreciated. Dedicated hardware will be used.
More information about the Ale
mailing list