1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Would running wamp as a webserver for wordpress cause a significant security risk?

Discussion in 'Blogging' started by Ranko Jones, Sep 23, 2011.

  1. Ranko Jones

    Ranko Jones BANNED BANNED

    Joined:
    Mar 3, 2011
    Messages:
    1,677
    Likes Received:
    146
    I would only be running blogs on my vps to index backlinks so not too worried about the content but wouldn't want anyone screwing up the setup.

    People are saying it poses a security risk and so I shouldn't do it.

    Is this a significant risk and/or can I take measures to prevent it so I can still run a free webserver on my vps?
     
  2. Biggles

    Biggles Registered Member

    Joined:
    Jun 19, 2011
    Messages:
    61
    Likes Received:
    25
    It all depends on you. If it's setup properly, WAMP is perfectly secure and works fine. Make sure you set strong passwords etc.

    That said, only go for WAMP if you already have a Windows VPS. Linux is a better OS for use as a server otherwise. Lower resource usage, more guides, fewer config issues, cheaper and you'll have much better uptime with a Linux box since few of the updates ever need a reboot.

    EDIT - Apache is the most popular webserver worldwide, being free has nothing to do with security.
     
    • Thanks Thanks x 2
  3. blahson

    blahson Newbie

    Joined:
    Aug 16, 2011
    Messages:
    14
    Likes Received:
    1
    Make sure you install latest updates for WAMP and Wordpress etc. Also depending on your server as well. Make sure to have a firewall installed otherwise some competitors can get nasty.
     
    • Thanks Thanks x 1
  4. Ranko Jones

    Ranko Jones BANNED BANNED

    Joined:
    Mar 3, 2011
    Messages:
    1,677
    Likes Received:
    146
    Yes I already have a windows vps which is why I thought it would be a good option to setup the blogs on there. Gives me more control and all if it was going to be feasible.
     
  5. roberteb

    roberteb Regular Member

    Joined:
    Oct 30, 2010
    Messages:
    402
    Likes Received:
    120
    Location:
    UK
    My prefered option would be a Linux box for stability, speed and security. WAMP is great and I use it for testing but I'd hesitate opening up to the outside world with out a hardware firewall (same with Linux of course) and you really need to know what you're doing when hardening a Windows server.
     
  6. judson

    judson Power Member

    Joined:
    Nov 29, 2009
    Messages:
    530
    Likes Received:
    319
    Occupation:
    Fulltime Newbie IM
    Location:
    Sub Ubi
    I thought even the Wamp guys did not really recommend running it in production.

    The problem is that *all* of the tools in the WAMP stack actually started life in the LAMP stack, and have patchy performance on Windows. Its like trying to use a Ferrari on a dirt track. Sure, it will run. Should you be doing it though?

    You then have the small issue too, of some WP plugins not playing nice with windows.

    Oh yeah, securing windows *can* be more difficult than *nix.

    The short version. If you need to ask, don't. The only people who do fully understand the tradeoffs they are making. If you are serious about keeping your sites up and running and secure, I wouldn't.
     
  7. darkmonk

    darkmonk Regular Member

    Joined:
    Nov 21, 2007
    Messages:
    226
    Likes Received:
    52
    How did they solve the VC runtime version issue between apache and php on windows? Does Wordpress play nice on IIS, could you run IIS 7.5 instead?

    Does anyone know of specific issues with WAMP as opposed to general assumptions about Linux vs Windows?

    I only ask because I am thinking about the same thing as the OP. I don't really have any OS preference, I like tinkering with everything. I have some Linux boxes and I have not been that impressed with the current state of performance vs. Win2008R2 + IIS 7.5 in terms of memory utilization, but I haven't tried putting Wordpress on a Win2008 server yet. I am thinking of trying it to get better performance for the $. Now, to be fair, part of this could be because the default packages on CentOS enable *everything* in the httpd config. I've been going through and tuning, but tempted to throw some stuff up on a Win2008R2 vps.

    I was looking to dual host Wordpress blogs + some ASP.NET code, either on Linux with mod_mono or on win2008r2. TBH, I'm tired of dealing with package dependency hell on CentOS.

    What specific security problems are there on Win2008R2 that are more cumbersome/troublesome than keeping up with Linux patches? The patch reboot issue is a valid concern if you need high availability. There is also the issue of Microsoft occasionally releasing bad patches that take down the entire server, I have been victimized twice by this on one of my main development machines (Hyper-V on a laptop). But those are admin/maintenance issues. What about security?