On a tangent, I imagine PHP is still one of the most used backends. Wordpress uses PHP and I wouldn’t be surprised if 50% or more of the websites I visited are Wordpress sites. So I guess many others experience the same?
Very widely used still and well maintained. It’s been a good options since 7 came around. Most of the hate IMO comes from people who were working with PHP4/5 code or people who just saw PHP4/5 code and think that’s what the language is today.
Don’t wanna hate but maybe this will stir the pot: any time I go to a website and go “this is definitely Wordpress” I’m usually right (I check with the Webappalyzer extension).
It really depends on how much customization has gone into the site. TechCrunch, Wired, and TIME all use WordPress for example, but their theme is customized to the point where you can’t really tell that it’s WordPress. There are some ways to tell though, for example some of the larger sites are hosted by Automattic (these say “powered by WordPress VIP” in the footer), and /wp-admin usually still works to go to the login page.
Yeah, that’s a fair point. I’ve been surprised to see a website is Wordpress from time to time.
As far as /wp-admin goes, I know all about that! Any web server I’ve run is constantly overrun with bots trying to hack it. A lot of times I configure nginx to simply drop connections to any URL ending in .php or GZIP bomb.
I’ve looked into it a few times and it just seemed complicated to do within a Docker container but I could be wrong. I might have ChatGPT guide me on that endeavor.
But I also recommend you to change the SSH port to another, is simple and pretty effective as all those bots are always using the default port and not doing a deep scan.
Thanks! Though I’m mainly only wanting to protect ports 80 and 443. Usually when it comes to web apps I Dockerize it and call it a day, so there is no SSH daemon hanging around.
Yeah, this stat is always a bit dubious sounding to me (how much of it is blogspam?), but WP is still much more prevalent than most devs seem to realize.
Modern-day Hack (the language PHP uses) looks pretty different to PHP, and the runtime is a complete rewrite rather than a fork. HHVM uses C++ while PHP uses C.
That’s true, it would be more accurate to say that much of the web uses PHP or Hack, a PHP derivative. I think I was moreso thinking along the lines of the previous comments about the hatred for PHP being more of a meme at this point than a reality
On a tangent, I imagine PHP is still one of the most used backends. Wordpress uses PHP and I wouldn’t be surprised if 50% or more of the websites I visited are Wordpress sites. So I guess many others experience the same?
Very widely used still and well maintained. It’s been a good options since 7 came around. Most of the hate IMO comes from people who were working with PHP4/5 code or people who just saw PHP4/5 code and think that’s what the language is today.
Don’t wanna hate but maybe this will stir the pot: any time I go to a website and go “this is definitely Wordpress” I’m usually right (I check with the Webappalyzer extension).
It really depends on how much customization has gone into the site. TechCrunch, Wired, and TIME all use WordPress for example, but their theme is customized to the point where you can’t really tell that it’s WordPress. There are some ways to tell though, for example some of the larger sites are hosted by Automattic (these say “powered by WordPress VIP” in the footer), and
/wp-adminusually still works to go to the login page.Yeah, that’s a fair point. I’ve been surprised to see a website is Wordpress from time to time.
As far as
/wp-admingoes, I know all about that! Any web server I’ve run is constantly overrun with bots trying to hack it. A lot of times I configure nginx to simply drop connections to any URL ending in.phpor GZIP bomb.I suppose you also configure some
fail2banrules to ban those bots. Seems to be the easier way.I’ve looked into it a few times and it just seemed complicated to do within a Docker container but I could be wrong. I might have ChatGPT guide me on that endeavor.
There is a guide how to protect password brute force over SSH, which is the most attacked https://medium.com/@bnay14/installing-and-configuring-fail2ban-to-secure-ssh-1e4e56324b19
But I also recommend you to change the SSH port to another, is simple and pretty effective as all those bots are always using the default port and not doing a deep scan.
Thanks! Though I’m mainly only wanting to protect ports 80 and 443. Usually when it comes to web apps I Dockerize it and call it a day, so there is no SSH daemon hanging around.
Oh well, I only run services on my cloud, so I need to get SSH to manage them. hehehe 😄
Yeah, this stat is always a bit dubious sounding to me (how much of it is blogspam?), but WP is still much more prevalent than most devs seem to realize.
Plus, Facebook literally forked PHP and still uses it, and is one of the most popular sites on the internet
Modern-day Hack (the language PHP uses) looks pretty different to PHP, and the runtime is a complete rewrite rather than a fork. HHVM uses C++ while PHP uses C.
That’s true, it would be more accurate to say that much of the web uses PHP or Hack, a PHP derivative. I think I was moreso thinking along the lines of the previous comments about the hatred for PHP being more of a meme at this point than a reality