@qwinter I think most of the issues stem from
2.0 to be fair -
1.19.7 is stable with zero issues for me. What issues are you experiencing ?
I self host with Hetzner, and have no issues at all.
@Hari understood, but you should consider the basics which always work well if they are configured properly before taking the plunge into what cloudflare offer in terms of tunnels. It’s also perfectly feasible to create an SSH tunnel to access VirtualMin from the web GUI.
A much better method of security would be to place VirtualMin (the admin GUI interface) in an internal virtual adapter that is only accessible when using a VPN. This means that without accessing the VPN first, you cannot use the VirtualMin GUI.
It’s explained here in terms of setting up OpenVPN on VirtualMin/Webmin
Also, don’t be under any illusion that this will prevent a DDoS attack against your site. In most cases, the site itself is leveraged in the attach to overwhelm the server hosting it. There are numerous techniques you can deploy - I’ve of them being Fail2Ban which is actually installed with VirtualMin and ready to configure - and it’s working out of the box once VirtualMin is installed.
Clearly you don’t want to be putting your actual website behind a VPN. That would be little and would make your site fall into the deep web classification in the sense that it would never be crawled, meaning no SEO which I know is important for you.
It would be worth checking what your hosting provider has in terms of DDoS mitigation and if that extends to your VPS. In most cases, the host can prevent a raft of attacks from even hitting your server directly.
@Hari So they haven’t actually fixed it in the core…? You should not have to rely on extensions to effectively “patch in” what should have been in core from the first release
did I cry last night for an already fixed bug
You’ll be doing it again soon when you realize something else is missing and you’ll have to pay for an extension to fix it…
@qwinter this particular site uses the code I wrote if you want to see it in action. It’s a information and intelligence gatherer I designed for collecting various information security articles from around the globe and consolidating them in one place.
Essentially, each “post” is in fact generated by the script, and the NodeBB API.
Which plugin is that?
It’s part of core
@Hari Yes, I know… Sad, but true.
@qwinter I wouldn’t use
git push for this unless you are specifically looking for version control. I’d personally use the NodeBB API to do exactly this. I have some working code I can share to assist in this process. Essentially, you could just create your own RSS feed, and have NodeBB pull from that directly.
The code requires some PHP and the SimplePie library - have a look at this
Something similar I did when using Flarum. If you’d like an idea of how effective this can be, ask @JAC who I’ve written various customizations for over the years for sites that he’s run previously.
@qwinter I can’t agree with this more if I tried. All the points here are salient and resound perfectly with me as I’ve been in the same boat over the years. I’ve also seen my fair share of poorly designed WordPress sites that are so slow, you could actually get out and walk faster, or even draw the site on paper quicker yourself
Whilst I’ll always love WordPress for it’s simplicity and extensibility, it is the ultimate Dr Jekyll and Mr Hyde product and hard to achieve a balance between performance and security.
And BuddyPress? Don’t get me started. That project should never have been allowed to continue and should have been banned from the WordPress ecosystem.