
Anyone using Wordpress to post vehicle inventory?

Just for AI giggles.

hey ChatGPT!
how secure is WordPress?

ChatGPT:
WordPress can be secure if it's maintained properly, but like any web platform, it also has vulnerabilities. Here's an assessment of WordPress security:

Core Security

  • Well-Maintained: The core WordPress software is actively maintained, and security patches are released regularly.
  • Security Team: WordPress has a dedicated security team that collaborates with the global community to identify and patch vulnerabilities.

Potential Vulnerabilities

  1. Plugins and Themes:
    • Third-party plugins and themes can introduce vulnerabilities if not properly vetted or maintained.
    • Outdated or poorly coded plugins are a common source of security issues.
  2. Brute Force Attacks:
    • The default WordPress login page is a frequent target for brute force attacks.
  3. User Roles and Permissions:
    • Incorrect role assignment or permissions can lead to unauthorized access.

Best Practices

  1. Keep Software Updated:
    • Regularly update WordPress core, plugins, and themes to the latest versions.
  2. Use Trusted Plugins/Themes:
    • Only use well-reviewed plugins and themes, and remove those that aren't actively maintained.
  3. Security Plugins:
    • Install security plugins like Wordfence or Sucuri for enhanced protection, including firewalls and malware scans.
  4. Strong Passwords:
    • Use strong passwords for all accounts, especially administrators.
  5. Two-Factor Authentication:
    • Enable two-factor authentication (2FA) for additional login security.
  6. Backup:
    • Regularly back up your WordPress site to ensure you can restore it in case of an attack.

Summary

WordPress can be secure if regularly updated and maintained, and if best practices like strong passwords, secure plugins, and backups are followed. However, it's not immune to attacks, especially when users neglect updates or install vulnerable plugins.



NOTE:
I do agree with the statement that any site can be vulnerable. You also need to stay up-to-date with the coding language and server versions. WordPress is just notorious like Windows because end users don't stay on top of updates.
 
You are like one of very few people that I have come across who have gotten away without having an issue.

Script kiddies learn on WP sites.

This is just a well-known fact in the coding world.

You really need to stay on constant updates for WP and make sure you have Database backups.

I can provide some phone numbers for friends who took the easy way out and later got hit.

Services like Wix do great because they monitor like crazy.
What would you recommend we do @Carsten? Migrate to another platform? What is your background in this area? I see that you're a vendor but the company site listed in your profile is not active.
 
@Dan Sayer

For the vendor thingy, I didn't really know what to choose when I signed up here and vendor seemed the most fitting since I am working on my own proprietary system. Obviously, I have a lot to learn and I'm always willing to learn.

As for what I would recommend:
Make sure that WP is updated religiously and that you have daily backups of your DB, and if you don't monitor your site daily, then make sure that you have a backup of your data on a timely basis in case you do have to roll back your DB. But ChatGPT also mentioned this.

Migrating to another platform most likely doesn't make sense until it happens. You did say you have been clear so far of carnage, so why change?

For replacing WP, I'd need to ask a whole slew of qualifying information questions since you didn't mention why and what for you use WP. What's your use case?
 
We're not planning on replacing our WP sites. You were highly critical of using WP so I just wondered if you had an opinion of another industry automotive website platform. We are using DDC for our "have to have" OEM sites but bury them when able. We did just replace our two WP Kia sites because the co-op incentive and incentive was too great to not just go with a Kia provider. What proprietary system are you working on @Carsten? I see you active on DR and wondered what your experience was and assume you are working on something for the automotive retail space?
 
Those issues are all end-user issues, not WordPress issues. I'd compare all of these to buying a vehicle, not doing oil changes, leaving your windows down, keys in the ignition, and doors unlocked while parking at Wal-Mart. Is that the car's manufacturer's fault when something happens or the end-user?

WordPress in itself is a secure platform, it's the end-user who makes it vulnerable.

The sheer volume of WordPress sites makes a hack seem more extreme than another platform. 800+ million sites are currently running WordPress, Shopify is next with around 70 million websites. Why wouldn't hackers attempt to exploit WordPress? That's like fishing in the ocean vs a farm pond trying to catch the biggest fish.
 
There's no need for an industry specific Wordpress plugin nowadays.

Automotive Wordpress Tech Stack:
  1. Advanced Custom Fields (create custom post type and fields for inventory)
  2. WP All Import (import inventory feed on cron schedule)
  3. Algolia (API based search)
Have you developed a site with these items? Any direction you can point me to find out more information?

Do you use this in your organization? If not; why not!
 
@csabatka1 I politely somewhat disagree. This is software we are talking about. Developers can/will make mistakes. Do not fall for the line that WP is secure. Microsoft and Apple have security issues. WP, like any software, can be compromised by the language that it is based on too. WP has gotten better over the years, but it's still, like you pointed out, a "fun" target since many of those 800 million people don't have an idea, and lots of companies don't harden their customers' sites either. I got made fun of for recommending WIX, but they do try to make sure that they hardened WP.

As for the end user: yes, very true. But consider what ChatGPT provided. Plugins, which are what make WP so powerful, also introduce attack vectors. Developers who put together WP sites don't scan the plugins. This is like cell phone users who download the latest app only to have it end up being a hack.

Without plugins ... WP is rather limited.

@Dan Sayer
I am very new to the software side of the dealer industry. I am not sure who DDC is. I do know from checking out a lot of sites that I've come across here or in the wild and only the lazydays guys caught my eye. I didn't agree with their UI choices for who I think their target customer is, but what I saw going on was hot. Speed and scores were pretty impressive. I have been toying with an idea to try to get into the dealer websites. I don't think I'm crazy enough to consider doing a DMS. There really isn't much to dealer websites. A few pages with either direct calls to the backend / DB or calling data with an API. And then throwing on some filters and sort options. IF you are NOT getting high 80's at least on Lighthouse ... I'd be asking a lot of questions. No, Lighthouse isn't the only factor for SEO, but yes, it does matter.

My experience? I sort of recently left a major enterprise company that everyone here knows. Most of you probably have used code that I or my team had written. I currently work at a smaller corporation but still enterprise level. I don't touch code as much as I used to. I've done smaller agencies before too, and if you duck hunt you might know a few sites I was involved in. A majority of my experience is at the ecommerce level. I remember WP from when it really was a script kiddies' training ground. There is even an ecommerce application which was named by a buddy who used me as his inspiration. If not mistaken, this BBS Xenforo is a stepchild of vBulletin. I've haunted lots of open source projects.


So, yes, I speak up when it comes to software things. I'm not a salesman trying to hawk my wares on here. I am learning a lot from everyone, so I'm trying to share what I know in a way to try to give back too. I don't have to defend my position from a sales standpoint. It's a fine line though; I want to see DR being active. Keeping the forums active is a good thing. But I'm also not wanting to be that Karen neighbor who drives everyone out of the neighborhood either.