Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Wordpress running on windows web servers

Posted on 2014-12-08
7
Medium Priority
?
95 Views
Last Modified: 2015-01-13
I am being asked to install plugins in our Server 2008 R2 web servers to allow WordPress to run on them. I am not familiar with these plugins and am concerned about allowing open source software to run in my Windows network. Do you have any experience / thoughts on this?
0
Comment
Question by:ICantSee
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 70

Expert Comment

by:Jason C. Levine
ID: 40486888
WordPress is run by something like 25% of all sites on the web, so I'm not sure what exactly concerns you.  Clearly, a huge chunk of people have gotten over whatever it is.

WordPress needs PHP and MySQL configured on IIS and works fine.  As far as concerns about open source software, I assume you mean security concerns but closed-source has its own share of issues too.  So to be perfectly safe, you could always use smoke signals? :)

On second thought, those are subject to the man-in-the-middle attack.
0
 

Author Comment

by:ICantSee
ID: 40486911
I thank you for your response but do not agree with your analogy.

Another way to look at it would be....

O.K.... I already have to be concerned with closed source vulnerabilities. Lets bring open source in so that we can double our concerns.
0
 
LVL 70

Assisted Solution

by:Jason C. Levine
Jason C. Levine earned 1000 total points
ID: 40486973
Well, if security and open-source are your concerns, nothing I say here will probably convince you.  So ultimately you are going to go where your gut tells you to go and there's absolutely nothing wrong with taking a pass on open source stuff if you're not comfortable with it.

Having worked on both sides, I say that vulnerabilities are vulnerabilities. With open-source at least you know what they are and can work with the communities to stay up to date and secure.  WordPress, PHP, and MySQL are all stable, mature platforms with proven track records and enormous communities who rely on those things to make their living.  So there is a highly-motivated population helping with security concerns. Not all open-source projects have that advantage, so the smaller you go the fewer people are looking at it.  This is relevant to WordPress in terms of themes and plugins which are community contributed and do not always have to meet the same standards as the core.  

But security issues will persist no matter what choice you make.  So if you are at all unsure, stick with the devil you know.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 83

Expert Comment

by:David Johnson, CD, MVP
ID: 40487004
Wordpress like Windows are major targets .. what you must do is keep the plugins up to date (I'm referring to Wordpress add-ons)
0
 
LVL 29

Accepted Solution

by:
Dan McFadden earned 1000 total points
ID: 40487072
I have run several open source CMS's on Windows servers running 2008 R2, 2012 and 2012 R2.  I have yet to have had an issue with these systems.

MySQL on windows server runs fine.  I have used in it production for web servers and as a backend storage system for an open source email system.  MySQL has a wide support base on all OS platforms.  Deploying it on a Windows server is no more scary than deploying MSSQL on a windows server.  Check out MariaDB as a drop-in MySQL alternative.

PHP, also has a widely supported OS base and is a mature scripting language for web-based systems.  Again, no reason to fear deploying it.  No more scary than deploying a ASP.NET based system.

You will have to deploy Fast-CGI on IIS in order to efficiently use PHP.  This plugin is from Microsoft, so it is not 3rd party or Open Source.  No fear...

As for Wordpress... as stated above, it is one of the most widely deployed CMS's on the planet.  As with all other software, there will always exist the possibility of vulnerabilities.  In order to address the risk associated with using any software (Open or Closed source) you have balance the needs of your users with the paranoia of being a Sys Admin.

Address those risks by:

1. maintaining the patch levels of the server OS
2. maintain the patch level of the database system
3. maintain the patch level of the CMS
4. try to avoid using default installation configurations
4. utilize best practices in hardening the deployment of:
 4a. the server OS
 4b. the db system
 4c. the web server software (IIS, Apache, NGix, etc.)
 4d. any add-ons required of the web app
5. be attentive to security and vulnerability alerts for your setup
6. monitor the appropriate logs (events, http, ftp, smtp, syslog, etc.)
7. develop a baseline usage pattern
8. watch for spikes in usage
9. know you servers and the software installed on them!

Being concerned about utilizing open source is the same as being concerned about using closed source.  Its a SysAdmin's job to be semi-paranoid and protective of the servers being managed.

Being afraid of using (limiting the use of) the appropriate software for the necessary job is at best silly and at worst limiting your ability to provide valuable support to your end-users needs.

Every OS has its place or fills a need.  This is valid for CMSs, DB systems, messaging systems, scripting or programming languages.

Dan
0
 
LVL 70

Expert Comment

by:Jason C. Levine
ID: 40487136
Great answer, Dan.
0
 

Author Closing Comment

by:ICantSee
ID: 40547259
Awesome answers. I had taken your advice and implemented the plug-ins with the knowledge of how to protect and maintain them. Thank you.

Sorry I forgot to mark the question as answered.
0

Featured Post

Understanding Web Applications

Without even knowing it, most of us are using web applications on a daily basis. Gmail and Yahoo email, Twitter, Facebook, and eBay are used by most of us daily—and they are web applications. We often confuse these web applications tools for websites.  So, what is the difference?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you think that WordPress is just for blogs?  Think again!  WordPress is really a fantastic all around platform that you can use to develop websites on.  Integrated into its basic functionality is the ability to create pages using your choice of a…
Preparing an email is something we should all take special care with – especially when the email is for somebody you may not know very well. The pressures of everyday working life stacked with a hectic office environment can make this a real challen…
The purpose of this video is to demonstrate how to Test the speed of a WordPress Website. Site Speed is an important metric of a site’s health. Slow site speed can result in viewers leaving your site quickly and not seeing your content. This…
The purpose of this video is to demonstrate how to integrate Mailchimp with WordPress, by placing a Mailchimp signup form on a WordPress Page or Post. This will be demonstrated using a Windows 8 PC. Mailchimp will be used. Log into your Mailchi…
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question