Wordpress Novice Build From Scratch Can It Be Done Lets See
Discussion
TonyRPH said:
The problem is, things are not documented.
I recently had to resurrect a site that was based on LemonStand (Ecommerce platform) - however - there were no less than 4 versions of the site under the htdocs directory, and deciding which one to use was a ballache (I was working from a backup - so no live system to compare with).
Add to this that no database details were documented (you know critical things like username and password - LemonStand uses encryption for this), also - there was a custom section which used another database...
It took me a week, and even after going live I had "activated" the wrong site (which was easily fixed).
However, if someone had taken the trouble (like I did once it was done) to spend 30 mins on a one page document...
I recently had to resurrect a site that was based on LemonStand (Ecommerce platform) - however - there were no less than 4 versions of the site under the htdocs directory, and deciding which one to use was a ballache (I was working from a backup - so no live system to compare with).
Add to this that no database details were documented (you know critical things like username and password - LemonStand uses encryption for this), also - there was a custom section which used another database...
It took me a week, and even after going live I had "activated" the wrong site (which was easily fixed).
However, if someone had taken the trouble (like I did once it was done) to spend 30 mins on a one page document...
That is crazy.The problem is that there may well have been documentation but the business owner has probably saved it safely in a folder with a thousand other documents all named document32.docx etc.
Also, bearing in mind how simple WP is supposed to be, some documentation consists of 20+ pages.
Penelope Stopit said:
Approx 8 Hrs spent today
Total = 26Hrs 40 Mins
Thank you for all the help, I couldn't reply sooner as I was on a learning curve and still am
I had a big problem attempting to do anything, it would have helped if I read a few tutorials or watched them at youtube
What I ended up doing was trying out a few themes that came with some plugins to assist with a build, having tried out a few things today and learnt how to build a menu with dropdown and add pages that linked up to the menu, I have ended up with a 25 page very messy website as it needs much tweaking
If I had read up on the core things needed to get started I could have done this in Approx 10 Hrs
I am not sure I will ever use Wordpress for a serious website and will post my reasons later as my partner is calling me for food
Now run wpscan against it to see what vulnerabilities are hanging around.Total = 26Hrs 40 Mins
Thank you for all the help, I couldn't reply sooner as I was on a learning curve and still am
I had a big problem attempting to do anything, it would have helped if I read a few tutorials or watched them at youtube
What I ended up doing was trying out a few themes that came with some plugins to assist with a build, having tried out a few things today and learnt how to build a menu with dropdown and add pages that linked up to the menu, I have ended up with a 25 page very messy website as it needs much tweaking
If I had read up on the core things needed to get started I could have done this in Approx 10 Hrs
I am not sure I will ever use Wordpress for a serious website and will post my reasons later as my partner is calling me for food
https://wpscan.org/
Will need a linux box of some description.
Penelope Stopit said:
I am not sure I will ever use Wordpress for a serious website and will post my reasons later as my partner is calling me for food
A suitably hardened WP install is about the best possible value for money/ease of use CMS product you can have.Is your problem with WP based on how long it's taken you, or something else?
LAMP/WAMP + WP + theme + hardening is not a 26 hour job...
Thank you to all for the advice/security info and thoughts
I would now be wasting my time posting my opinion of Wordpress, there has been a big update and something that should have been done a long time ago has just taken place
I have now completed a fresh install and will start experimenting/learning/educating myself
If only this had happened a few days earlier
I am now looking forward to the opinions of experienced Wordpress Website Builders regarding this new Wordpress
Thanks again for everyones posts and efforts in getting me started. Time to start again
I would now be wasting my time posting my opinion of Wordpress, there has been a big update and something that should have been done a long time ago has just taken place
I have now completed a fresh install and will start experimenting/learning/educating myself
If only this had happened a few days earlier
I am now looking forward to the opinions of experienced Wordpress Website Builders regarding this new Wordpress
Thanks again for everyones posts and efforts in getting me started. Time to start again
Tonsko said:
Penelope Stopit said:
If only this had happened a few days earlier
You've never wasted time as far as gaining knowledge is concerned. This time around will take half the time and cement techniques and skills.I will take a look at the security info with Linux in the future, I wonder if any of that will change
An alternative take on this.
I'm not a total WordPress novice, as I have installed it twice previously. Once on my webhost and once on my local machine for development. Both of these installs were when I first set up Wordpress 6 or 7 years ago.
I've started from fresh again on my Mac, and wanted to test the new WordPress version works with my theme etc, so decided to set up MAMP and a fresh instal of WordPress. Started at 21:11 and finished at 21:32, following the instructions here: https://codex.wordpress.org/Installing_WordPress
I'm not a total WordPress novice, as I have installed it twice previously. Once on my webhost and once on my local machine for development. Both of these installs were when I first set up Wordpress 6 or 7 years ago.
I've started from fresh again on my Mac, and wanted to test the new WordPress version works with my theme etc, so decided to set up MAMP and a fresh instal of WordPress. Started at 21:11 and finished at 21:32, following the instructions here: https://codex.wordpress.org/Installing_WordPress
SausageBap said:
To help with security, remove all users that have a username similar to your site. Install Wordfence, set limits on login attempts, you'll be amazed how many hack attempts you get.
This thread is the first time I've heard of Wordfence, I currently use Securi, will check out Wordfence too though.Hoofy said:
SausageBap said:
To help with security, remove all users that have a username similar to your site. Install Wordfence, set limits on login attempts, you'll be amazed how many hack attempts you get.
Yes, I was a bit nervous but now you've said that, I feel better.
If you install Wordfence, keeping an eye on the live visitors is quite interesting - quite surprising how many bots are looking for non existent pages following a hack attempt.
Craikeybaby said:
This thread is the first time I've heard of Wordfence, I currently use Securi, will check out Wordfence too though.
I use a simple .htaccess file to restrict access to wp-login.php and xmlrpc.php (another massive weak point)
AuthUserFile /home/vhosts/<sitename>/.htpasswd
AuthType Basic
AuthName "Do you have access rights for this?"
<Files "wp-login.php">
Require valid-user
</Files>
# deny access to xmlrpc.php
<Files "xmlrpc.php">
Order Allow,Deny
deny from all
</Files>
Of course limiting login access in this way doesn't work so well if you want to permit multiple logins*, but in my case works for me as I'm the only person who ever needs to login.
- although for a few users you could create individual logins in .htaccess or permit a shared user / password combo.
MikeOxhard said:
Hoofy said:
SausageBap said:
To help with security, remove all users that have a username similar to your site. Install Wordfence, set limits on login attempts, you'll be amazed how many hack attempts you get.
Yes, I was a bit nervous but now you've said that, I feel better.If you install Wordfence, keeping an eye on the live visitors is quite interesting - quite surprising how many bots are looking for non existent pages following a hack attempt.
A user with IP address 50.163.212.201 has been locked out from the signing in or using the password recovery form for the following reason: Exceeded the maximum number of login failures which is: 5. The last username they tried to sign in with was: 'learn'
User IP: 50.163.212.201
User hostname: c-50-163-212-201.hsd1.pa.comcast.net
User location: Natrona Heights, United States
A user with IP address 94.181.151.30 has been locked out from the signing in or using the password recovery form for the following reason: Exceeded the maximum number of login failures which is: 5. The last username they tried to sign in with was: 'learn'
User IP: 94.181.151.30
User hostname: dynamicip-94-181-151-30.pppoe.penza.ertelecom.ru
User location: Penza, Russia
I have used the word "learn" in a couple of pages. It must be a bot. Who would think I'd create a login called "learn".
I believe there is a method for farming login names from wordpress that attackers will use, hence why you might see attempts to login with accounts that do exist.
Pretty sure other attempts will be methods of exploiting known vulnerabilities in plugins or just random stuff.
What I like a lot about wordfence is that they are very active in the security community in general. They also offer a site cleanup service to fix your site if it does get hacked.
Pretty sure other attempts will be methods of exploiting known vulnerabilities in plugins or just random stuff.
What I like a lot about wordfence is that they are very active in the security community in general. They also offer a site cleanup service to fix your site if it does get hacked.
Sorry it's off topic but I'm a recent Wordfence convert too. It's a bit horrifying to see how much activity is going on some weeks! I believe a lot of sites suffer with the XMLRPC issue which allows bulk brute force logins. This is when Wordpress feels a bit like a windows PC with no anti-virus!
_dobbo_ said:
I believe there is a method for farming login names from wordpress that attackers will use, hence why you might see attempts to login with accounts that do exist.
Pretty sure other attempts will be methods of exploiting known vulnerabilities in plugins or just random stuff.
What I like a lot about wordfence is that they are very active in the security community in general. They also offer a site cleanup service to fix your site if it does get hacked.
Yes, it is a function of WPScan.Pretty sure other attempts will be methods of exploiting known vulnerabilities in plugins or just random stuff.
What I like a lot about wordfence is that they are very active in the security community in general. They also offer a site cleanup service to fix your site if it does get hacked.
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff