[Businessmtg] FW: Web Site Report
Anne K
annabelina2 at gmail.com
Mon Mar 19 07:49:19 PDT 2018
Thanks Steve -
While I find your response completely fascinating - you are correct, it is the content, not the software that is under discussion. Thanks for the reminder :)
Anne
On Mar 19, 2018, at 2:34 AM, Steve Rankin <steve at serenitysys.com> wrote:
From: Steve Rankin [mailto:steve at serenitysys.com]
Sent: Sunday, March 18, 2018 11:22 PM
To: ASP Business Meeting
Subject: RE: Web Site Report
Hi Anne,
Thanks.
About the broken link → fixed.
Yes, WordPress is frequently hacked. If I had my druthers, we would NOT be
using WordPress. The switch to WordPress was sold to the Steering Committee
on the basis that it is much easier to use than the HTML Editor that ASP
purchased for our Web Master. After having rebuilt the website using
WordPress, I strongly disagree with the “easier to use” premise.
Unlike the simple HTML website that ASP used previously, WordPress sites are
a favorite target for hackers. In fact, ASP was hacked not long after the
switch to WordPress and ASP crashed completely. The ASP meeting went dark
for a few days while the List Administrator, Web Master and the support
folks at Esosoft, our provider, worked to restore everything.
The update process on the WordPress site has been automated, however there
are still some updates which must be done manually. Additionally, we’ve had
to install several plugins and those need to be updated manually, but plugin
updates may not be available. We have also added a security plugin called
WordFence. WordFence monitors the ASP WordPress installation and reports how
many attacks have occurred, who has logged in, etc. For example, this is the
list of the Top Ten attacks on the ASP website in ONE WEEK of January:
ISP Country
# of attacks
195.22.127.235 PL 1464
193.104.101.105 GB 30
31.14.128.208 IT 21
212.83.188.26 FR 20
181.214.87.244 US 20
199.204.248.117 US 18
5.196.72.102 FR 18
122.114.35.33 CN 17
200.89.107.74 CO 17
185.18.226.20 RO 15
That’s over 200 attempts to hack the ASP website every day.
IMHO, the risk is excessive , even with protections installed, and I am in
favor of returning to basic HTML for our website.
However, the current topic is the CONTENT of the ASP website, not the
SOFTWARE being used to host the website. Perhaps, you can request that this
issue be addressed in a future Business Meeting.
Hugs,
Steve
From: Anne K [mailto:annabelina2 at gmail.com]
Sent: Saturday, January 20, 2018 8:21 AM
To: Steve Rankin
Subject: Re: Web Site Report
Hey Steve -
Nice job! :)
As I was wandering through the pages of the current WordPress website, I did
find this; " </ul%3″noopener”>Miscellaneous Policies.” under ‘Archives
and Documents / Document ‘ section. It just looks like the link is not
coming through.
My only other comment is that WordPress is frequently hacked, and therefore
frequently patched. And while patches and updates can wreak havoc at times,
I wondered if we had discussed any procedures in the event of an update (or
a hack) - and granted I have not fully done any “homework” on this as in
reviewing previous business meetings or all of the motions and I will do
that, as this is the first business meeting I’ve been to in a while. My
initial suggestion would be to verify we are using the latest WordPress
version, and to verify that the server side has protections installed. All
that being said, we may want to look at similar types of things (if we
haven’t already) on the older websites as well.
My thoughts :)
Anne K
_______________________________________________
The ASP Instruction page is http://asp-afg.org/members/asp-instructions/
The ASP web site for ASP members is http://www.asp-afg.org/Members/
For assistance with other ASP issues, contact Jerry the List Administrator, at la at asp-afg.org
_______________________________________________
Businessmtg mailing list
Businessmtg at asp-afg.org
http://www.asp-afg.org/mailman/listinfo/businessmtg
More information about the Businessmtg
mailing list