
>Most people have their first contact with all this when their site is hacked (plugins not updated for years)

Well, Wordpress can know auto-update the plugins...




The problem is most WordPress plugins are abandoned. Most sites default to auto-updating plugins, but if the plugin author isn’t pushing security patches it’s a big vulnerability.

WordPress plugins are notoriously bad at input sanitization. Even many large, commercially supported plugins get abandoned or simply aren’t secure.


> Well, Wordpress can know auto-update the plugins...(sic)

And your site (or some parts of your site) could break at any point in time without your knowledge and remain broken for a long time until you find that it’s broken. There is no platform that doesn’t require “babysitting” with maintenance and testing.


The key is to use a select few plugins, with huge communities, sure to be updated to the latest version...

You still need to check on them, sure.

>and remain broken for a long time until you find that it’s broken

Well, if you don't find out that it's broken fast enough, perhaps you don't need it anyway!


However, we have a site with a visual builder that is no longer under annual subscription.



