
Secure PHP Comments Section

  • 03-06-2015 3:53pm
    #1
    Registered Users, Registered Users 2 Posts: 156 ✭✭


    I am putting together a website with PHP. I decided to stay away from WordPress which I used in the past because of all the upgrading and plugins breaking on upgrade among other reasons and have built it from scratch.

    I would like to add a comments section to various articles that I add to the site. At this point I have got a bit lazy and rather than reinventing the wheel and potentially making a bit of a mess of it, I'd like to plug something in.

    I like what the journal have -
    http://www.thejournal.ie/denis-o-brien-rte-2139278-Jun2015/

    I am just wondering what options are out there with security being the primary concern.

    Thanks


Comments

  • Moderators, Computer Games Moderators Posts: 4,282 Mod ✭✭✭✭deconduo


    dahayeser wrote: »
    I am putting together a website with PHP. I decided to stay away from WordPress which I used in the past because of all the upgrading and plugins breaking on upgrade among other reasons and have built it from scratch.

    I would like to add a comments section to various articles that I add to the site. At this point I have got a bit lazy and rather than reinventing the wheel and potentially making a bit of a mess of it, I'd like to plug something in.

    I like what the journal have -
    http://www.thejournal.ie/denis-o-brien-rte-2139278-Jun2015/

    I am just wondering what options are out there with security being the primary concern.

    Thanks

    Something like disqus maybe, all you need to do is drop it in.

    https://disqus.com/websites/


  • Registered Users, Registered Users 2 Posts: 241 ✭✭fcrossen


    dahayeser wrote: »
    I decided to stay away from WordPress which I used in the past because of all the upgrading and plugins breaking on upgrade among other reasons and have built it from scratch.

    Seeing as you say security is the primary concern I would not write an entire CMS from scratch.

    The biggest problem with WordPress is inexperienced users using plugins that come from dubious sources, are untested, unsupported, etc. I use WordPress a lot. A *lot* and it is rock solid. However I am pretty careful about plugin use. A plugin can execute any code you want. There is nothing in WordPress to stop a malicious plugin (for example) from dropping your database and deleting your wp-content directory.

    If you are having WordPress problems then I am guessing you are doing something the wrong way.


  • Registered Users, Registered Users 2 Posts: 156 ✭✭dahayeser


    Thanks deconduo,

    Have you used disqus yourself? I had a really quick look and here were my initial thoughts -

    Good
    It's simple to include - just add a piece of JS to your page
    The content is stored off site on disqus servers, does not interact with your database, therefore very secure

    Bad
    Because it is included via JavaScript it provides no SEO value (no big deal really)
    You need to manually create a new forum on disqus site for each page you want to add comments to

    All in all it looks like it could be a good solution for me. Definitely worth following up on. I'd be interested to hear your take on it if you have used it.



    fcrossen,
    When I say security is a primary concern I mean in the area where I specifically invite user interaction via comments. Possibly allowing them to post HTML. Sanitising regular parameters is fine. I am quite strong on the security area so am happy enough to handle it for the rest of the site.

    On WordPress, you have a point. I used WordPress some time back without a great understanding of how to build on it. I thought it was God's gift, saved me a ton of coding. After neglecting to upgrade the site got infected. WordPress because of its popularity is targeted and when vulnerabilities are discovered they are quickly publicised. After learning the hard way I vowed to upgrade religiously. Then I found some of the plugins I had installed weren't forward compatible, not immediately anyway.

    I also found a lot of plugins did close to what I wanted but not exactly it. Maybe a lot of this is down to my inexperience and failure to give it time but I just decided that building a lightweight solution to suit my own limited needs where I had full control was the best plan.


  • Moderators, Computer Games Moderators Posts: 4,282 Mod ✭✭✭✭deconduo


    dahayeser wrote: »
    Thanks deconduo,

    Have you used disqus yourself?

    I haven't actually used it myself, but I've seen it implemented on a couple of sites. I've heard good things about it though.


  • Registered Users, Registered Users 2 Posts: 6,289 ✭✭✭Talisman


    dahayeser wrote: »
    On WordPress, you have a point. I used WordPress some time back without a great understanding of how to build on it. I thought it was God's gift, saved me a ton of coding. After neglecting to upgrade the site got infected. WordPress because of its popularity is targeted and when vulnerabilities are discovered they are quickly publicised. After learning the hard way I vowed to upgrade religiously. Then I found some of the plugins I had installed weren't forward compatible, not immediately anyway.

    WordPress has had automatic updates for maintenance and security issues for about 2 years now.

