Who wins the fight when it comes to Joomla vs WordPress for security?

I read a very eye-opening tech support issue regarding Joomla vs WordPress when it comes to security. It was written by a talented and well-respected developer who specializes in web-based Content Management Systems (CMS) security and backup tools. It would have been great for him to write his own blog post about this topic, but he doesn't want to deal with the potential fallout from WordPress fans such a blog post may create. I understand his point; people can react in fanatical and negative ways when you criticize their beloved platform. Here at JoeJoomla we don't have any concern in this regard. Our bias towards Joomla is obvious and there are good reasons we prefer Joomla.

Way back at the start of our website building journey in 2005 I asked a few developers what their CMS of choice was. One developer in particular told me that he had considered building his own CMS, but when he reviewed the Joomla code base he discovered that it was very well done and cleaner than any other CMS-based software available. There was no point in recreating the wheel, so to speak. Joomla already had a large community of developers supporting it, including a security team, which this particular person joined to contribute to the project.

Developer best practices for Joomla ensure security is properly addressed

What essentially makes Joomla a better choice for security is the predictable way it works. All front and backend web requests must go through an index.php file. Joomla uses predictable directory names for extensions, media files, images and so on. Plugin events are fired by the core in predictable ways. When a developer creates extensions and other things for Joomla, there is a best practices method of doing so that ensures security is addressed properly.

WordPress by design is chaotic

By design WordPress has a chaotic structure which allows many directly web accessible. The wp-content folder is a security nightmare, hosting code installed by plugins, themes, core upgrade files and user uploads, all with different levels of trust in the same folder. Plugin subdirectories are directly web accessible for files and media. WordPress themes launch many of the hooks instead of the core, and there is no predictability in the sequence of how things are triggered. WordPress themes are based on an override system that allows the developer to specialize each content or post type from scratch. That's literally because there is no `index.php` file. There is also no way to ensure you're purchasing a clean or proper template because the `header.php`, `footer.php`, etc. files are just conventions that can be easily broken. WordPress coding practices are based on PHP 3.x standards which, if you check on php.net, you will see are from over 17 years ago. There is no object-oriented programming (OOP) at all, and everything is executed in "easy-to-use" but also loose code structures and functions. This also leads to improper code, and improper code is easily insecure as well. Having a centralized and messy `functions.php` file in the theme is the best example of this.

WordPress cannot be secured as tightly or easily as Joomla

The number one cause of hacked WP sites is hack scripts that hackers upload which execute malicious files. It's easier for them because of the inherently poor security model that WordPress allows. You really want to know a lot about who is creating those plugins for WordPress functionality that you are using. If you are uninformed you are taking big chances with your site. There are just too many points of entry that a hacker can target in a site with poorly done, directly web-accessible PHP files. To make things worse, with the emergence of cryptocurrency technology, WordPress installations are heavily under attack by malicious crypto miners. They are taking advantage of the very popular WordPress platform that is easily targeted for code injection for things such as JavaScript miners. The injected scripts are named in such a way as to make them appear legitimate so that a webmaster doesn't get alarmed when seeing them. The scripts are designed to use the infected website's CPU cycles to mine cryptocurrencies for the hackers. So if you notice your WordPress site seems to be struggling when it doesn't have a lot of visitors, this might be a sign that something is amiss in this area.

The Joomla! core enforces content security through centralized points

In Joomla! all developers MUST go through JInput to get access to the $_FILES, $_GET, $_POST and $_REQUEST superglobals when requesting data. This prevents a lot of attacks because there are centralized points of enforcing content security.
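
The directly web-accessible PHP files and the mixed-trust wp-content folder discussed in this post can be checked for from the site owner's side. The following Python audit is an added example, not code from the original post or from either CMS project; the sample tree and its file names are constructed, and the guard check is a heuristic based on the common `defined('ABSPATH')` and `defined('_JEXEC')` idioms.

```python
import os
import re
import tempfile

# Guard idioms that make a PHP file exit when it is requested directly:
# WordPress code checks ABSPATH (or WPINC), Joomla code checks _JEXEC.
GUARD = re.compile(rb"defined\s*\(\s*['\"](ABSPATH|WPINC|_JEXEC)['\"]\s*\)")
PHP_EXT = (".php", ".phtml", ".php5", ".phar")

def audit(webroot, head_bytes=2048):
    """Return (php_in_uploads, unguarded_php) as sorted lists of relative paths."""
    in_uploads, unguarded = [], []
    for folder, _dirs, files in os.walk(webroot):
        for name in files:
            if not name.lower().endswith(PHP_EXT):
                continue
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, webroot).replace(os.sep, "/")
            if "/uploads/" in "/" + rel:
                # Upload areas hold untrusted content; PHP is never expected here.
                in_uploads.append(rel)
                continue
            with open(path, "rb") as fh:
                # Heuristic: the guard normally sits at the top of the file.
                if not GUARD.search(fh.read(head_bytes)):
                    unguarded.append(rel)
    return sorted(in_uploads), sorted(unguarded)

def build_sample_site(root):
    """Constructed sample tree (not from the article) used to demonstrate the audit."""
    files = {
        "wp-content/plugins/good/good.php": "<?php\nif ( ! defined( 'ABSPATH' ) ) { exit; }\n",
        "wp-content/plugins/bad/ajax.php": "<?php\n// no guard: runs when requested directly\n",
        "wp-content/uploads/2018/01/logo.png": "placeholder image bytes",
        "wp-content/uploads/2018/01/wp-cache.php": "<?php // constructed placeholder\n",
        "components/com_demo/demo.php": "<?php\ndefined('_JEXEC') or die;\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_site(root)
        return audit(root)

if __name__ == "__main__":
    uploads, unguarded = demo()
    print("PHP under uploads:", uploads)
    print("PHP without direct-access guard:", unguarded)
```

Intended front controllers such as `index.php` will also be reported as unguarded, so review the list rather than treating every entry as a finding.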