11 {{ upvoteCount | shortNum }}
11 {{ upvoteCount | shortNum }}

aMember vs. PHPMembers

by Bob Stovall
8 replies
I couldn't find a thread on this - although I can't imagine it hasn't bee covered.

I am setting up a membership area for a client inside a Joomla 1.5 powered websites. Of aMember and PHPMembers, which would be the best to use as far as ease of installation, setup and use goes?

Thanks in advance,
Bob
#amember #phpmembers
  • Profile picture of the author TheRichJerksNet
    Hi Bob,
    The last thing I would use would be joomla for a membership site. Any site that is open source and can and is being hacked I would seriously stay away from for a membership site.

    James
    {{ DiscussionBoard.errors[1808346].message }}
    • Profile picture of the author Bob Stovall
      Originally Posted by TheRichJerksNet View Post

      Hi Bob,
      The last thing I would use would be joomla for a membership site. Any site that is open source and can and is being hacked I would seriously stay away from for a membership site.

      James
      Thanks for the input, James.

      I see a lot of people I respect using WordPress, Joomla and Drupal for membership sites and wondering why they do if they are so hackable?

      Bob
      Signature
      WordPress for Real Estate tested themes and plugins
      Online Marketing for Mobile Home Communities
      {{ DiscussionBoard.errors[1808506].message }}
  • Profile picture of the author Johnny Slater
    James is correct. When you create a membership site using open source software such as joomla or wordpresss you're asking to be hacked. Just search this forum and see how many posts there are where someone posted saying their wp run site has been hacked.

    So many people use solutions that integrate joomla and wordpress into a membership site because it is fairly easy to do and does not require a big learning curve. However, these people are sacrificing true security for ease of use. Some people do not realize just how easy it is to hack a server that has a joomla or wordpress script istalled on it.

    No matter how secure someone says their code is, if it's built around open source software there will be thousands of people who know how to hack your site before you even put it online. The most secure coding in the world will do you no good if someone can hack your wordpress install and get full access to everything on your server.
    Signature

    {{ DiscussionBoard.errors[1808611].message }}
  • Profile picture of the author Bob Stovall
    AJ,

    We are looking to protect video tutorial files which are in a section of the website. the client wants to prevent access to non-members, but also to prevent downloads by members as well.

    He has set the site up in Joomla, because he wants to maintain content himself and doesn't know the first thing about HTML or PHP.

    Johnny, I hear what you are saying. If someone has access to the code, they can find a way around your security. But is it as easy to hack the amember or phpmembers protected sections of an OpenSource hosted site as it is the unprotected parts.

    I'm doing a little risk assessment here so I can pass the info on to the client.

    Bob
    Signature
    WordPress for Real Estate tested themes and plugins
    Online Marketing for Mobile Home Communities
    {{ DiscussionBoard.errors[1808691].message }}
    • Profile picture of the author Johnny Slater
      They don't try to hack the amember or phpmember sections. They hack the opensource code which gives them full access to your server. Then they can access everything because they are now in full control of the server and everything on it. If even one tiny hole is exploited then the entire server is at risk. Once they get server access they can see and access every file on your site.

      EDIT:::

      Please understand that James and I are not just saying that they can bypass security measures and download your content for free. We are saying that sites using opensource code have known exploits that give someone full access to the server just as if they were you logged into your hosts Control Panel. Stealing your downloads is a small issue compared to the risks that open source code bring into play. Using exploits someone could wipe out entire sites, or even crash the server and cause complete meltdowns.

      Originally Posted by Bob Stovall View Post

      Johnny, I hear what you are saying. If someone has access to the code, they can find a way around your security. But is it as easy to hack the amember or phpmembers protected sections of an OpenSource hosted site as it is the unprotected parts.
      Bob
      Signature

      {{ DiscussionBoard.errors[1808723].message }}
      • Profile picture of the author Bob Stovall
        Wouldn't that also apply to all open source code on a server, such as php, apache, etc. or for that matter, html? Or Linux or FreeBSD?
        Signature
        WordPress for Real Estate tested themes and plugins
        Online Marketing for Mobile Home Communities
        {{ DiscussionBoard.errors[1808796].message }}
        • Profile picture of the author Johnny Slater
          Scripts such as WordPress have massive amounts of security holes and have thousands of people who have nothing better to do than try to figure out how to exploit them.

          php is a programming language and that is exactly what people are hacking when they hack Wordpress. Wordpress is written in php and the php code that powers Wordpress is not designed with security in mind. There are countless places in the code that allow someone to take over a site.

          The issue is not a matter of what language something is written in, the issue is that with open source you have thousands of people digging through the code every second of every day. Security holes are well documented in thousands of web sites across the internet.

          With custom built solutions there are still the possibilities of areas of code that could be exploited, but when your talking about a few hundred or a few thousand people who have access to the code the likelyhood of exploits drops to nothing.

          Also, with open source when an exploit is found it may take weeks or months before an update is released that closes the hole. There really is no such thing as support on open source code and it's use at your own risk.

          With custom built solutions you have a support option and when an exploit is found it can be closed off and an upgrade released in a matter of a few hours or a few days.

          Open source has never been secure and never will be because the the code is open to anyone with an internet connection and the code comes from contributions from thousands of users who want function and don't care about security. Custom solutions are always designed with security in mind and will always be way more secure than anthing open source.

          Originally Posted by Bob Stovall View Post

          Wouldn't that also apply to all open source code on a server, such as php, apache, etc. or for that matter, html? Or Linux or FreeBSD?
          Signature

          {{ DiscussionBoard.errors[1808851].message }}
        • Profile picture of the author TheRichJerksNet
          Originally Posted by Bob Stovall View Post

          Wouldn't that also apply to all open source code on a server, such as php, apache, etc. or for that matter, html? Or Linux or FreeBSD?
          Pretty much Johnny summed it up, I know many will disagree because they live for those plugins and junk they can just plop in and have a site in 15 minutes. What many do not realize is we are not only talking about protecting your "content"

          * What about users emails
          * What about user personal information
          * What about other sites on your server

          And this list can go on and on, to me customers information should be the "first" thing that matters to anybody. This is exactly why I custom code all my scripts and exactly why I use SSL on sites that transfer personal data.

          Security is one thing many open source code developers never think about. Some try to justify using that free stuff by "well if someone really wants to hack you they will get in" ... This is BS, while I will agree nothing is 100% secured this does not mean that you should not take proper steps to secure your site.

          How does this strike you:

          The past five years has seen the popularity of blogs grow in their use and as a means of making money. That's the meat that computer hackers look to sink their teeth into. A recent report by the Congressional Research Service stated that the financial impact of computer hackers amounts to $226 billion annually. Another report calculated that hackers could be taking up to six cents of every Internet dollar of revenue.

          The sites that are targeted are open source due to the fact they are distributed to the masses.

          James
          {{ DiscussionBoard.errors[1809600].message }}

Trending Topics