141 - Feeling insecure about security (Part 2)

August 15, 2019 00:52:20
141 - Feeling insecure about security (Part 2)
WP Builds
141 - Feeling insecure about security (Part 2)

Aug 15 2019 | 00:52:20

/

Show Notes

[spp-player url="https://episodes.castos.com/wpbuilds/wpbuilds-episode-141.mp3"]

In this episode:

Discussion - Feeling insecure about security (Part 2) So this is part two of our discussion of WordPress security. I think you could well listen to this episode in isolation, but it might be better if you went back to episode 140 and finish that one first? I will leave that decision to you! A brief recap on last week though in case you don't want to do that. We discussed: We start the discuss this week listing out our experiences of the security solutions that we have come into contact with. This is certainly not and exhaustive list, and is not intended as a set of preferences. It's just what we've heard of and in most cases what we have tried out ourselves. I'm sure that you could add other plugins to the list and likely you have different opinions as to what works best in the environment that you have set up. Some of the security plugins feel a bit like car insurance in that you don’t know how good they are (for you) until something goes wrong. There is a whole lot of overlap too; many have features that are already taken care of in other way (ie. database prefixes, file permissions, strong passwords). One of the things that comes out of this discussion is that most people (including ourselves) don't really understand the implications of all of the options in these security solutions. We can read the help text that accompanies the check boxes or fields, but this only gives us a cursory understanding at best. As people who work with technology, I would say that non-technical website users would have even less of a clue and so that creates a problem for us. Should we tick boxes if we don't fully understand what we're doing? Should we stay with the default set up as we can have some confidence that this is what the developers of the plugin think is the 'best' set up out of the box? Beyond the options that we're presented with, do we even know what the plugin is doing for us on a day to day basis? If we get no alerts, does that really mean that all is well? The opposite might also be true, do we get so many email alerts that we simply never bother to open them because the last 241 emails contained the exact same text informing us that all is well and there's nothing to see here? Are we deploying multiple solutions into the same website and suffering from bloat and option overlap? I've heard that this happens quite a lot, the thought being that more layers of defence is better, but I'm really not too sure if it is. In fact might we be compromising both plugins if they're trying to do the same thing. Again, we're back to the problem that we don't really know what these solutions are doing. Towards the end of the episode we talk about what it is that we're actually doing in our businesses to promote security to our clients. David's list is as follows Nathan's list is as follows I'm sure that your set up is quite different, and I'd be really interested to hear your thoughts on this subject. You can leave comments below, or why not head over to the WP Builds Facebook group and get in on the conversation over there?

Other Episodes

Episode

August 29, 2019 00:49:49
Episode Cover

143 - Only doing what you're good at

[spp-player url="https://episodes.castos.com/wpbuilds/wpbuilds-episode-143.mp3"] In this episode: Discussion - Only doing what you're good at So we all build websites... we do don't we? Perhaps we...

Listen

Episode 0

April 04, 2023 01:29:41
Episode Cover

This Week in WordPress #247

The WordPress news from the last week which commenced Monday 27th March 2023.

Listen

Episode 0

March 23, 2020 00:28:43
Episode Cover

WP Builds Weekly WordPress News #106 - WordPress 5.4. RC3, COVID-19 impact and infinite light

[spp-player url="https://episodes.castos.com/wpbuilds/wpbuilds-news-106.mp3"] This weeks WordPress news - Covering The Week Commencing 16th March 2020: WordPress Core WordPress 5.4 RC3 Gutenberg 7.7 Ships Refreshed UI...

Listen