Comment on Backdoor slipped into multiple WordPress plugins in ongoing supply-chain attack
Alphane_Moon@lemmy.world 1 week ago
Representatives for developers of the remaining three plugins couldn’t be reached because they provided no contact information on their sites.
You’re asking for trouble is you’re using such random plugins on a production sites.
Pechente@feddit.org 1 week ago
oh boy, the average wordpress site has like 30 plugins and the top bar is getting cluttered with so many plugin upsells that it fills the whole screen. There’s a huge industry of people making wordpress sites who shouldn’t.
It’s quite frustrating to be asked as a dev to “fix” people’s site as my usual response is “shut it off and redo it well”.
bjoern_tantau@swg-empire.de 1 week ago
It’s really a shame because by now WordPress itself actually works quite well. Sure, it’s fueled by unspeakably ugly spaghetti code. But at least it’s unspeakably ugly spaghetti code that works and receives regular automatic updates.
And other than putting up a verification program I don’t see what they could do to improve the plugin situation.
Pechente@feddit.org 1 week ago
I agree. I don’t hate wordpress. It seems a bit dated by today’s standards and bloated in some aspects but you can definitely make a solid, fast website with it. It’s getting a bad reputation for its toxic plugin dev scene and crappy sites built using Elementor.
nerdovic@feddit.de 1 week ago
Elementor shudders
AbidanYre@lemmy.world 1 week ago
Regular automatic updates on ugly spaghetti code feels like it’s just asking for trouble.
bjoern_tantau@swg-empire.de 1 week ago
Image
sugar_in_your_tea@sh.itjust.works 1 week ago
Theoretically, someone could untangle the spaghetti. Nobody will, but automatic updates at least opens up the possibility.
maynarkh@feddit.nl 1 week ago
And this is why I hate the state of the whole hacking scene and that now nation states are also carrying out en masse attacks. Everyone should be free to make a site on Wordpress or whatever. If they can’t, that’s how we get everyone on like 3 corporate platforms like Facebook.
Alphane_Moon@lemmy.world 1 week ago
Funnily enough, I was hearing this from developers in the early 2010s when I was just starting my career (IT adjacent, but not a developer).
AA5B@lemmy.world 1 week ago
Seriously, people have been saying this stuff about WordPress as long as it’s been around, and I’m always surprised that it still exists. This was definitely one of those technologies that sounded bad enough that it could never last. Joke is on me. Of cour pose I thought the same with JavaScript but was forced to learn it last year
orclev@lemmy.world 1 week ago
Use TypeScript. It’s still built on a giant steaming pile of shit but at least if you’re careful most of your own code can be reasonably correct.