Comment on Backdoor slipped into multiple WordPress plugins in ongoing supply-chain attack
Alphane_Moon@lemmy.world 4 months ago
Representatives for developers of the remaining three plugins couldn’t be reached because they provided no contact information on their sites.
You’re asking for trouble is you’re using such random plugins on a production sites.
Pechente@feddit.org 4 months ago
oh boy, the average wordpress site has like 30 plugins and the top bar is getting cluttered with so many plugin upsells that it fills the whole screen. There’s a huge industry of people making wordpress sites who shouldn’t.
It’s quite frustrating to be asked as a dev to “fix” people’s site as my usual response is “shut it off and redo it well”.
bjoern_tantau@swg-empire.de 4 months ago
It’s really a shame because by now WordPress itself actually works quite well. Sure, it’s fueled by unspeakably ugly spaghetti code. But at least it’s unspeakably ugly spaghetti code that works and receives regular automatic updates.
And other than putting up a verification program I don’t see what they could do to improve the plugin situation.
Pechente@feddit.org 4 months ago
I agree. I don’t hate wordpress. It seems a bit dated by today’s standards and bloated in some aspects but you can definitely make a solid, fast website with it. It’s getting a bad reputation for its toxic plugin dev scene and crappy sites built using Elementor.
nerdovic@feddit.de 4 months ago
Elementor shudders
AbidanYre@lemmy.world 4 months ago
Regular automatic updates on ugly spaghetti code feels like it’s just asking for trouble.
bjoern_tantau@swg-empire.de 4 months ago
Image
sugar_in_your_tea@sh.itjust.works 4 months ago
Theoretically, someone could untangle the spaghetti. Nobody will, but automatic updates at least opens up the possibility.
maynarkh@feddit.nl 4 months ago
And this is why I hate the state of the whole hacking scene and that now nation states are also carrying out en masse attacks. Everyone should be free to make a site on Wordpress or whatever. If they can’t, that’s how we get everyone on like 3 corporate platforms like Facebook.
Alphane_Moon@lemmy.world 4 months ago
Funnily enough, I was hearing this from developers in the early 2010s when I was just starting my career (IT adjacent, but not a developer).
AA5B@lemmy.world 4 months ago
Seriously, people have been saying this stuff about WordPress as long as it’s been around, and I’m always surprised that it still exists. This was definitely one of those technologies that sounded bad enough that it could never last. Joke is on me. Of cour pose I thought the same with JavaScript but was forced to learn it last year
orclev@lemmy.world 4 months ago
Use TypeScript. It’s still built on a giant steaming pile of shit but at least if you’re careful most of your own code can be reasonably correct.