Solved

WordPress running on Windows web servers

Posted on 2014-12-08
7
87 Views
Last Modified: 2015-01-13
I am being asked to install plugins in our Server 2008 R2 web servers to allow WordPress to run on them. I am not familiar with these plugins and am concerned about allowing open source software to run in my Windows network. Do you have any experience / thoughts on this?
0
Question by:ICantSee
7 Comments
 
LVL 70

Expert Comment

by:Jason C. Levine
WordPress is run by something like 25% of all sites on the web, so I'm not sure what exactly concerns you.  Clearly, a huge chunk of people have gotten over whatever it is.

WordPress needs PHP and MySQL configured on IIS and works fine.  As far as concerns about open source software, I assume you mean security concerns but closed-source has its own share of issues too.  So to be perfectly safe, you could always use smoke signals? :)

On second thought, those are subject to the man-in-the-middle attack.
0
 

Author Comment

by:ICantSee
I thank you for your response but do not agree with your analogy.

Another way to look at it would be....

O.K.... I already have to be concerned with closed source vulnerabilities. Let's bring open source in so that we can double our concerns.
0
 
LVL 70

Assisted Solution

by:Jason C. Levine
Jason C. Levine earned 250 total points
Well, if security and open-source are your concerns, nothing I say here will probably convince you.  So ultimately you are going to go where your gut tells you to go and there's absolutely nothing wrong with taking a pass on open source stuff if you're not comfortable with it.

Having worked on both sides, I say that vulnerabilities are vulnerabilities. With open-source at least you know what they are and can work with the communities to stay up to date and secure.  WordPress, PHP, and MySQL are all stable, mature platforms with proven track records and enormous communities who rely on those things to make their living.  So there is a highly-motivated population helping with security concerns. Not all open-source projects have that advantage, so the smaller you go the fewer people are looking at it.  This is relevant to WordPress in terms of themes and plugins which are community contributed and do not always have to meet the same standards as the core.  

But security issues will persist no matter what choice you make.  So if you are at all unsure, stick with the devil you know.
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
WordPress, like Windows, is a major target. What you must do is keep the plugins up to date (I'm referring to WordPress add-ons).
0
 
LVL 26

Accepted Solution

by:Dan McFadden
Dan McFadden earned 250 total points
I have run several open source CMSs on Windows servers running 2008 R2, 2012 and 2012 R2.  I have yet to have an issue with these systems.

MySQL on Windows server runs fine.  I have used it in production for web servers and as a backend storage system for an open source email system.  MySQL has a wide support base on all OS platforms.  Deploying it on a Windows server is no more scary than deploying MSSQL on a Windows server.  Check out MariaDB as a drop-in MySQL alternative.

PHP also has a widely supported OS base and is a mature scripting language for web-based systems.  Again, no reason to fear deploying it.  No more scary than deploying an ASP.NET based system.

You will have to deploy Fast-CGI on IIS in order to efficiently use PHP.  This plugin is from Microsoft, so it is not 3rd party or Open Source.  No fear...

As for WordPress... as stated above, it is one of the most widely deployed CMSs on the planet.  As with all other software, there will always exist the possibility of vulnerabilities.  In order to address the risk associated with using any software (Open or Closed source) you have to balance the needs of your users with the paranoia of being a Sys Admin.

Address those risks by:

1. maintaining the patch levels of the server OS
2. maintain the patch level of the database system
3. maintain the patch level of the CMS
4. try to avoid using default installation configurations
5. utilize best practices in hardening the deployment of:
 5a. the server OS
 5b. the db system
 5c. the web server software (IIS, Apache, Nginx, etc.)
 5d. any add-ons required of the web app
6. be attentive to security and vulnerability alerts for your setup
7. monitor the appropriate logs (events, http, ftp, smtp, syslog, etc.)
8. develop a baseline usage pattern
9. watch for spikes in usage
10. know your servers and the software installed on them!

Being concerned about utilizing open source is the same as being concerned about using closed source.  It's a SysAdmin's job to be semi-paranoid and protective of the servers being managed.

Being afraid of using (limiting the use of) the appropriate software for the necessary job is at best silly and at worst limiting your ability to provide valuable support to your end users' needs.

Every OS has its place or fills a need.  This is valid for CMSs, DB systems, messaging systems, scripting or programming languages.

Dan
0
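The log-monitoring, baseline and spike-watching items in the list above, applied to IIS W3C logs for a WordPress site, as an added example that is not part of the original answer. The watched paths, the median baseline, the `factor` and `floor` thresholds and the sample log lines are assumptions constructed for illustration.

```python
from collections import Counter
from statistics import median

WATCHED = {"/wp-login.php", "/xmlrpc.php"}  # assumed: WordPress login and XML-RPC endpoints

def parse_w3c(lines):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def hourly_counts(records):
    """Count POSTs to the watched endpoints per (date, hour) bucket."""
    counts = Counter()
    for r in records:
        if r.get("cs-method") == "POST" and r.get("cs-uri-stem", "").lower() in WATCHED:
            counts[(r["date"], r["time"][:2])] += 1
    return counts

def find_spikes(counts, factor=5, floor=10):
    """Return buckets whose count exceeds factor x the median bucket (the baseline)."""
    if not counts:
        return []
    baseline = median(counts.values())
    threshold = max(floor, factor * baseline)  # floor avoids alerts on a near-idle site
    return sorted(b for b, n in counts.items() if n > threshold)

def build_sample():
    """Constructed log: 2 login POSTs per hour for 6 hours, except 40 in hour 03."""
    out = ["#Software: Microsoft Internet Information Services 7.5",
           "#Fields: date time cs-method cs-uri-stem c-ip sc-status"]
    for hour in range(6):
        n = 40 if hour == 3 else 2
        for i in range(n):
            out.append("2014-12-08 %02d:%02d:00 POST /wp-login.php 192.0.2.10 200" % (hour, i))
        out.append("2014-12-08 %02d:59:00 GET /index.php 192.0.2.20 200" % hour)
    return out

if __name__ == "__main__":
    counts = hourly_counts(parse_w3c(build_sample()))
    for bucket in find_spikes(counts):
        print("spike", bucket, counts[bucket])
```

Hours with no watched requests do not appear as buckets, so on a quiet site the median reflects only the hours that saw login traffic.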
 
LVL 70

Expert Comment

by:Jason C. Levine
Great answer, Dan.
0
 

Author Closing Comment

by:ICantSee
Awesome answers. I had taken your advice and implemented the plug-ins with the knowledge of how to protect and maintain them. Thank you.

Sorry I forgot to mark the question as answered.
0
