• Resolved Doodlebee

    (@doodlebee)


    Hey all – I have a question for you, and this one is for a paid client that I’m designing for. (Just wanted to make that clear up front, I am getting paid for this one.)

    This client has a daily radio show that generates quite a few questions and interest in his blog. He’s revamping his site right now, and he wants to add a WordPress installation that he calls the “Listener Blog”. What he *wants* is scary to me, but I’m trying to figure out a way to give him what he wants without compromising his server and site safety.

    So, what he wants is a blog where people can subscribe, log in, and have the ability to write posts and upload files. To me, that’s terrifying – he wants the *general public* to have this access. So anyone who subscribes would be given immediate “author” status. I’ve explained the risks of that, alone, and that if he *seriously* wants to do this, he’s going to need some kind of full-time moderator to be sure stuff doesn’t get compromised.

    I don’t think he wants to spend the money to go that route, but he still wants this stuff to happen. I’m fairly familiar with the “Role Manager” plugin, and I planned to use that to help with these issues, but I was wondering if there were any other plugins out there that would …I don’t quite know how to put this. I know I can make posts be forced into moderation, so that *anyone* who writes a post has to have it approved by the admin before it’s made public. I can’t remember if Role Manager does this or not, or if WordPress itself has an option for this. So if someone can refresh my memory on that, I’d appreciate it (and if they don’t, what plugin *does* do it?).

    But the files are what scare me the most. Worst-case scenario, I can see some jerk uploading a virus or something that’ll tear through the server while everyone’s sleeping, and by the time the moderator gets to it, it’s way too late. So I was wondering if there’s some kind of “queue” system/plugin? Probably not, I guess, because the files would have to be uploaded to the server. But I’m kind of thinking like, when someone makes a post and uploads an image, that when WordPress sends it to moderation it would send an attached file to the moderator, rather than saving it to the server. Then if the mod deems it appropriate for the site, they can upload it themselves or something. At least then, the damage would be restricted to the mod.

    I don’t know if I’m nuts, but I’m just trying to see if there’s a way to give this guy what he wants. I think the *posting* part I can handle, but the file thing just makes me queasy. So if anyone has any ideas, workarounds, or experience with this kind of thing, I’d appreciate some advice on how to handle it. (I’ve already tried talking him out of it, but he really wants this.) I’m even going so far as to ponder the possibility of having some kind of separate form in the posting area that would use the mail() function – you could post the text, but the form for uploading images would email the image directly to the mod – I guess that’s a possibility, and I could restrict filetypes…Is there anything out there like that?

Viewing 9 replies - 1 through 9 (of 9 total)
  • I don’t see how a file waiting in moderation would ‘tear’ through a site before it gets moderated. It isn’t any more active than the message. If the file can’t be linked or run until after moderation you are safe. However I would use a good anti virus that ideally scans the file upon upload but at least scanned before posting. This would require some control or access at the server so that the appropriate scripts can be accessed. Best setup is your own server, dedicated server, or full control virtual machine. A Linux server can do all this and more without any fancy GUIs.

    So he wants to pay for the site but not for the daily upkeep? Even his car needs maintenance if it is to remain safe. He should budget for human moderation, it can’t be totally automated.

    As for plugins I can’t help much there but am confident that WP can do the job with the right planning.

    Thread Starter Doodlebee

    (@doodlebee)

    If the file can’t be linked or run until after moderation you are safe.

    Excellent – good to know. I was just afraid someone could…I don’t know, log in and post some code that would attack something, or upload something nasty that, once it hit the server, it would start chewing through everything.

    But yeah, I have the same feeling – if he wants this type of thing, he should be willing to pay for moderation of it, be it his own time or paying someone else to do it (I’m not a moderator LOL).

    But thanks for the tips, that helps things a little bit.

    Well, there is potential for malicious activities. Once a file is uploaded it is then living on the server, so it could be then used to “run” on the server, in the context of whatever user runs the web server services. The uploader would need to know the address of the uploaded file, but I expect uploading gives you that info.

    My thoughts on this,

    First, WP Upload has a limit on the file-types, you can set it in the admin. I don’t think it is foolproof, but it should help limit most users to only uploading, say, JPG, GIF, and mp3.

    Second, an outside-the-box approach: Just get the guy a second server (hosting plan), totally separate from the first. A 2nd hosting plan will cost less than hiring a moderator: under $10/month probably. I can’t guarantee this makes you any safer, but just in case something happens: only the Listener Blog would go down, not his other site. You can keep frequent backups (perhaps using the Database Backup plugin and a cron job, and/or running a cron via your host to back up the whole site/folder), so you can always restore if there’s a problem.

    Once a file is uploaded it is then living on the server, so it could be then used to “run” on the server, in the context of whatever user runs the web server services.

    How would that file “run”? It isn’t an attachment to a crappy email app or some desktop application that could be fooled into running it. Unless the file is fed into a process that could execute a file under *any* circumstances it isn’t going to happen. The danger is posting the file that could be malicious and that danger is to the downloader not the server. You have to attack the server which could happen without any posting rights or even having WP at all.

    My fear would be a cheap owner that thinks a one time payment buys perfection forever.

    How would that file “run”?

    It would run by someone (IE the uploader) executing it by loading the uploaded thing into their web browser. If the uploaded thing then contained server-executable code, it would be executed. (As it would be living on the web server.)

    (That is unless I am mistaken and WP doesn’t actually upload its uploads to the web server directly.)

    EDIT –

    Well, I am mistaken, WP doesn’t let you upload any old rubbish.

    Thread Starter Doodlebee

    (@doodlebee)

    Thanks again, all – this is definitely going to help a lot. I have a phone call with this client to go over all of this stuff tomorrow. The ability to upload *anything* makes me nervous (and I should say that the guy isn’t cheap – he’s paying a pretty penny for this site, and he’s got 16 WP installations so far for this place alone. Long story as to why – but I’m one of about 15 people working on this site, my job is the blogs. So he’s definitely not cheap, but he would like to remain within a budgeted amount, and his show is publicly funded (NPR)).

    But anyway, if I *can* limit what’s uploaded to only images and sound files – that’s actually perfect. I guess one of my big fears is someone logging in and writing code directly into the post area, and somehow manipulating the database and compromising the server itself – but I believe the newest release of WordPress just took care of that issue.

    I’m going to look further into these restrictions – it may be that WP has what he wants by default, and that would be cool.

    EDIT: cool. I actually found a plugin that will have a user-interface for editing what Mime types can be uploaded. This might be what I need – just thought I’d mention it in case anyone else needs this.
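
    An added example, not part of any post in this thread and not the plugin mentioned above: one way to restrict uploads to the JPG, GIF and MP3 types discussed here, and to reject a file whose bytes do not match its extension. It assumes a current WordPress release and PHP's fileinfo extension; the `listener_*` function names and the plugin name are hypothetical.

```php
<?php
/*
Plugin Name: Listener Upload Allowlist (hypothetical example)
*/

// Assumption: only the types named in the thread (JPG, GIF, MP3) are wanted.
function listener_allowed_mimes( $mimes = array() ) {
    // Return a fresh list so every default type is dropped, not appended to.
    return array(
        'jpg|jpeg' => 'image/jpeg',
        'gif'      => 'image/gif',
        'mp3'      => 'audio/mpeg',
    );
}
add_filter( 'upload_mimes', 'listener_allowed_mimes' );

// The extension is chosen by the uploader, so also compare it with the
// type detected from the file's bytes before WordPress stores the file.
function listener_check_upload( $file ) {
    $name = $file['name'];

    // Refuse names like "song.php.mp3": some server configurations treat
    // an inner extension as a handler hint.
    if ( substr_count( $name, '.' ) !== 1 ) {
        $file['error'] = 'File names may contain only one dot.';
        return $file;
    }

    $claimed = wp_check_filetype( $name, listener_allowed_mimes() );
    if ( ! $claimed['ext'] ) {
        $file['error'] = 'Only JPG, GIF and MP3 files are accepted.';
        return $file;
    }

    // finfo reads magic bytes; it never trusts the browser-supplied type.
    $finfo    = new finfo( FILEINFO_MIME_TYPE );
    $detected = $finfo->file( $file['tmp_name'] );
    if ( $detected !== $claimed['type'] ) {
        $file['error'] = 'File content does not match its extension.';
    }
    return $file;
}
add_filter( 'wp_handle_upload_prefilter', 'listener_check_upload' );
```

    Some valid MP3 files may be detected as a generic type and rejected by the strict comparison, which is the safer failure for a public upload form. Accounts with the `unfiltered_upload` capability bypass the `upload_mimes` list, so this only constrains ordinary subscribers and authors.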

    By the way, I thought WP had an Option for setting the Upload-able file-types but I just checked and WP 2.2.2 doesn’t seem to have it (under Admin > Options > Miscellaneous). I can’t recall for sure if that was in a previous WP. I am glad you found a plugin for it.

    Doodles, just keep good back-ups so you can always restore. You have a cool project going, it sounds like. You never know about the security, even of regular WP with 1 author. You notice they come out with ‘security fixes’ from time to time… it would be great if 2.2.2 fixed everything but it’s questionable.

    Have you read this page? Has security tips
    https://codex.www.ads-software.com/Hardening_WordPress

    Thread Starter Doodlebee

    (@doodlebee)

    Thanks for that Gold – I’ll definitely look into that link and see what else I can do to keep it all safe. I do think it’s all getting worked out though, the more I look into this, the more it seems feasible to do. (And they *did* get someone to moderate, so that will help as well!)

    Thanks a bunch all

  • The topic ‘Least terrifying way to make a public blog’ is closed to new replies.