"briefly" compromised?

Posted Feb 23, 2016 11:38 UTC (Tue) by Felix (guest, #36445)
In reply to: "briefly" compromised? by rahvin
Parent article: Linux Mint downloads (briefly) compromised

> There are security exploits right down to root vulnerabilities in Wordpress discovered nearly every day.

I think you mean privilege escalation exploits *within Wordpress* so attacker get admin access for the Wordpress instance (and hence something like "shell access") - the ability of getting (Linux) root access is not affected by Wordpress (besides it being the initial attack target). However I have to say that Wordpress' auto-updates feature often makes it more secure than other PHP CMS systems which are updated ... very rarely (aka never).

"briefly" compromised?

Posted Feb 24, 2016 1:39 UTC (Wed) by rahvin (guest, #16953) [Link]

I did mean privilege escalation attacks. Wordpress may be better than the rest but it's still a nightmare to keep secure. No one in their right mind should be hosting anything other than the wordpress site on the same machine. It's a full time job to keep a wordpress site secure and even then there are so many zero day exploits that you will be exploited at some point. To host downloadable ISOs and a wordpress site on the same system is downright negligence IMO. Either someone thinks they are invincible or they are stupid.