
Keeping a Web Site Safe and Available With or Without a CDN


The site Tux Machines has been online for over 15 years. It has not suffered security-related incidents. The same is true for Techrights, which soon turns 13. Tux Machines uses Gallery and Drupal, whereas Techrights uses MediaWiki, WordPress and Drupal. WordPress is its most important component as it contains over 26,000 posts. Tux Machines has about 130,000 nodes in Drupal. We don't use a CDN as we have a reasonably powerful server that can cope with the load on its own. For security we use best practices and keep critical issues plugged. I was recently asked for advice on these matters and explained things as follows.

There are mainly two types of attacks (maybe three if one includes social engineering, e.g. tricking a citizen journalist/blogger/administrator into a trap):

1) capacity-based, e.g. a DDoS attack

2) exploiting vulnerabilities to degrade/compromise the site's quality of service (similar to (1) above but not the same), access confidential site data, or spy on people (writers/staff/visitors) without them being aware.

WordPress runs lots of stuff and powers a lot of the Web, maybe 20% (or more) of today's Web sites. It's regularly checked for security issues and bugs are regularly fixed. Updates can be set to automatic, which means they happen in the background without user intervention. I check the site for updates several times per day, e.g. this one from yesterday.

I've used WordPress for 15 years as an early adopter and developer.

What's known as the "core" of WordPress is generally secure if kept up to date, manually or automatically (for large sites it might make sense to apply patches manually to reduce the risk of unnoticed incidents and to enable quality control, patch assessment etc.). It's also important to keep the underlying operating system and pertinent packages up to date: PHP (the programming language), mysql/psql (WordPress and Drupal typically use MariaDB or MySQL as the database, but PostgreSQL should be possible too) and Apache (there are simpler alternatives for the Web server, e.g. NGINX).

If we keep everything up to date, and moreover don't install WordPress extensions that cannot be trusted or are no longer maintained (or scarcely maintained), we should be OK. The social engineering part involves things such as phishing, e.g. someone sending out an e-mail in an attempt to obtain the passwords of privileged users.
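One way to turn the two rules above (pending updates, unmaintained extensions) into a routine check, as an added example that is not code from this site. The plugin names, versions and release dates are constructed sample data; the JSON mirrors the default fields of `wp plugin list --format=json`, and the two-year staleness threshold is an assumption.

```python
import json
from datetime import date

# Constructed sample in the shape of `wp plugin list --format=json` output.
PLUGINS_JSON = """[
 {"name": "example-cache", "status": "active", "update": "none", "version": "4.1.3"},
 {"name": "old-gallery", "status": "active", "update": "none", "version": "1.2"},
 {"name": "seo-helper", "status": "active", "update": "available", "version": "3.0.1"},
 {"name": "unused-forms", "status": "inactive", "update": "available", "version": "2.4"}
]"""

# Constructed: date of each plugin's latest upstream release, as an operator
# would record it from the plugin's own page.
LAST_RELEASE = {
    "example-cache": "2019-10-31",
    "old-gallery": "2016-02-11",
    "seo-helper": "2019-11-02",
    "unused-forms": "2019-06-20",
}

MAX_AGE_DAYS = 730  # assumption: no release in two years counts as unmaintained


def audit_plugins(plugins_json, last_release, today, max_age_days=MAX_AGE_DAYS):
    """Return {plugin name: [issues]} for every plugin that needs attention."""
    findings = {}
    for plugin in json.loads(plugins_json):
        issues = []
        # Inactive plugins are checked too: their files are still on the server.
        if plugin["update"] == "available":
            issues.append("update pending")
        released = last_release.get(plugin["name"])
        if released is None:
            # No upstream record at all: maintenance cannot be judged.
            issues.append("no release data")
        elif (today - date.fromisoformat(released)).days > max_age_days:
            issues.append("unmaintained")
        if issues:
            findings[plugin["name"]] = issues
    return findings


if __name__ == "__main__":
    report = audit_plugins(PLUGINS_JSON, LAST_RELEASE, date(2019, 11, 13))
    for name, issues in report.items():
        print(f"{name}: {', '.join(issues)}")
```
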

If you use a CDN for content distribution, e.g. CloudFlare, then availability will be mostly down to the CDN company. WordPress generates pages on the fly (dynamically), but it has caching mechanisms that can be further improved with extensions. The CDN likely obviates the need for those. So, if the site is receiving 'too many' requests, the CDN can probably scale to deal with that (maybe on a more expensive protection plan).

I personally would never use CloudFlare (for a lot of reasons), but to many people it's the only CDN that 'counts' or exists. Brand recognition perhaps.
