WordPress running on Windows web servers

I am being asked to install plugins in our Server 2008 R2 web servers to allow WordPress to run on them. I am not familiar with these plugins and am concerned about allowing open source software to run in my Windows network. Do you have any experience / thoughts on this?
ICantSee Asked:

Jason C. Levine (No one) Commented:
WordPress is run by something like 25% of all sites on the web, so I'm not sure what exactly concerns you.  Clearly, a huge chunk of people have gotten over whatever it is.

WordPress needs PHP and MySQL configured on IIS and works fine.  As far as concerns about open source software, I assume you mean security concerns but closed-source has its own share of issues too.  So to be perfectly safe, you could always use smoke signals? :)

On second thought, those are subject to the man-in-the-middle attack.
0
ICantSee (Author) Commented:
I thank you for your response but do not agree with your analogy.

Another way to look at it would be....

O.K.... I already have to be concerned with closed source vulnerabilities. Let's bring open source in so that we can double our concerns.
0
Jason C. Levine (No one) Commented:
Well, if security and open-source are your concerns, nothing I say here will probably convince you.  So ultimately you are going to go where your gut tells you to go and there's absolutely nothing wrong with taking a pass on open source stuff if you're not comfortable with it.

Having worked on both sides, I say that vulnerabilities are vulnerabilities. With open-source at least you know what they are and can work with the communities to stay up to date and secure.  WordPress, PHP, and MySQL are all stable, mature platforms with proven track records and enormous communities who rely on those things to make their living.  So there is a highly-motivated population helping with security concerns. Not all open-source projects have that advantage, so the smaller you go the fewer people are looking at it.  This is relevant to WordPress in terms of themes and plugins which are community contributed and do not always have to meet the same standards as the core.  

But security issues will persist no matter what choice you make.  So if you are at all unsure, stick with the devil you know.
0
David Johnson, CD, MVP (Owner) Commented:
WordPress, like Windows, is a major target... what you must do is keep the plugins up to date (I'm referring to WordPress add-ons)
0
Dan McFadden (Systems Engineer) Commented:
I have run several open source CMS's on Windows servers running 2008 R2, 2012 and 2012 R2.  I have yet to have had an issue with these systems.

MySQL on Windows Server runs fine.  I have used it in production for web servers and as a backend storage system for an open source email system.  MySQL has a wide support base on all OS platforms.  Deploying it on a Windows server is no more scary than deploying MSSQL on a Windows server.  Check out MariaDB as a drop-in MySQL alternative.

PHP also has a widely supported OS base and is a mature scripting language for web-based systems.  Again, no reason to fear deploying it.  No more scary than deploying an ASP.NET based system.

You will have to deploy Fast-CGI on IIS in order to efficiently use PHP.  This plugin is from Microsoft, so it is not 3rd party or Open Source.  No fear...

As for WordPress... as stated above, it is one of the most widely deployed CMS's on the planet.  As with all other software, there will always exist the possibility of vulnerabilities.  In order to address the risk associated with using any software (Open or Closed source) you have to balance the needs of your users with the paranoia of being a Sys Admin.

Address those risks by:

1. maintaining the patch levels of the server OS
2. maintain the patch level of the database system
3. maintain the patch level of the CMS
4. try to avoid using default installation configurations
5. utilize best practices in hardening the deployment of:
 5a. the server OS
 5b. the db system
 5c. the web server software (IIS, Apache, Nginx, etc.)
 5d. any add-ons required of the web app
6. be attentive to security and vulnerability alerts for your setup
7. monitor the appropriate logs (events, http, ftp, smtp, syslog, etc.)
8. develop a baseline usage pattern
9. watch for spikes in usage
10. know your servers and the software installed on them!

Being concerned about utilizing open source is the same as being concerned about using closed source.  It's a SysAdmin's job to be semi-paranoid and protective of the servers being managed.

Being afraid of using (limiting the use of) the appropriate software for the necessary job is at best silly and at worst limiting your ability to provide valuable support to your end users' needs.

Every OS has its place or fills a need.  This is valid for CMSs, DB systems, messaging systems, scripting or programming languages.

Dan
0
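The log-monitoring, baseline and spike-watching items in the checklist above, as an added example that is not part of the original thread: it parses IIS W3C extended log lines, counts requests per hour, and flags hours well above a baseline. It assumes W3C logging with the fields shown; the function names, the sample log and the 3x threshold are constructed for illustration.

```python
import statistics
from collections import Counter

def parse_w3c(lines):
    """Yield one dict per request from IIS W3C log lines, using the #Fields header."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def bucket_of(record):
    """Hourly bucket key: (date, hour). IIS writes these timestamps in UTC."""
    return (record["date"], record["time"][:2])

def hourly_counts(records):
    return Counter(bucket_of(r) for r in records)

def find_spikes(counts, baseline_buckets, factor=3.0):
    """Buckets outside the baseline whose count exceeds factor x the baseline median."""
    baseline = statistics.median(counts[b] for b in baseline_buckets)
    return sorted(b for b, n in counts.items()
                  if b not in baseline_buckets and n > factor * baseline)

def top_uris(records, bucket, n=3):
    """Most requested (method, URI) pairs inside one bucket, to see what drove it."""
    return Counter((r["cs-method"], r["cs-uri-stem"]) for r in records
                   if bucket_of(r) == bucket).most_common(n)

def build_sample_log():
    """Constructed sample: six quiet hours, one busy hour, then a normal hour."""
    out = ["#Software: Microsoft Internet Information Services 7.5",
           "#Fields: date time cs-method cs-uri-stem c-ip sc-status"]
    per_hour = {0: 4, 1: 5, 2: 6, 3: 5, 4: 4, 5: 5, 6: 40, 7: 6}
    for hour, n in per_hour.items():
        method, uri = ("POST", "/wp-login.php") if hour == 6 else ("GET", "/index.php")
        for i in range(n):
            out.append(f"2016-03-01 {hour:02d}:{i:02d}:00 {method} {uri} 192.0.2.10 200")
    return out

if __name__ == "__main__":
    records = list(parse_w3c(build_sample_log()))
    counts = hourly_counts(records)
    baseline = [("2016-03-01", f"{h:02d}") for h in range(6)]
    for bucket in find_spikes(counts, baseline):
        print(bucket, counts[bucket], top_uris(records, bucket))
```

On a real server the baseline buckets would come from a period of known-normal traffic rather than the first hours of the same file.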

Jason C. Levine (No one) Commented:
Great answer, Dan.
0
ICantSee (Author) Commented:
Awesome answers. I had taken your advice and implemented the plug-ins with the knowledge of how to protect and maintain them. Thank you.

Sorry I forgot to mark the question as answered.
0