WordPress MU

TELL ME WHY HES SAYING THIS:
HOSTING ADMIN. DOES NOT RECOMEND INSTALLING WPMU
SAYS ITS A SECURITY RISK FOR THE SERVER AND OTHER CLIANTS
NEED DEDICATED SERVER

First of all, please do not post using all caps. It's not only annoying but can also be taken as rude.

As for the security risks, WPMU is no more of a risk than any other script out there. WordPress, which WPMU is based on, is a very secure platform. The only security risk you have with WPMU is if you were to add features or plugins and not secure them.

I think a host would be within their rights to prevent you from using WPMU on a shared server. Don't get me wrong, I'm a big fan of WPMU, but don't forget this is still pre-alpha software and some hosts specifically say that their shared servers shouldn't be used for any testing or scripts that aren't fully released yet.

I agree that a host would be within their rights to prevent you from running WPMU but only if their is a statement in the hosts TOS.

Although it can be argued that WPMU is "Pre-Alpha", it is obvious that wpmu is modestly stable and just as secure as WordPress itself. Any decent host would allow wpmu.

i have to disagree with andrew, wordpress is administered only by 1 admin, WPMU could have thousands of 'admins'. the security implications are many many times more serious. while WP had to worry mainly about securing the 'frontend', in WPMU the backend needs to be equally secure. example, user finds ways to post javascript=XSS attacks.

also, you WILL have to be adding themes, and most of these 'customisable' themes floating around have security holes in them.

I'm not about to start a spitting contest so i'll leave it at this :)

Any service is only as secure as it's admin makes it. WPMU itself, is secure. What COULD lead it to being insecure is:

1) Plugins or themes with vulnerabilities

2) Admins who do not know how to manage a server

At this point in the development of WPMU it's up to the user make sure that any theme or plugin they add is secure. A good bit of theme authors are designers, not programmers. This means that they may not fully understand what is secure and what's not.

If I download a theme for my personal blog I always have a looksy at the code to make sure everything is in order. I'd be crazy not to.

So in other words, as long as you have capable people managing a WPMU installation then it's secure otherwise I can definetly see how there could end up being security issues.

I guess I can also now understand why a host wouldn't want a wpmu installation on shared server. If the person who's running it is not capable then yeah it could be a security risk as far as the host is concerned.

So, legally, unless a host has a clause in their TOS that would cover this, they really can't say no other than maybe not letting you use wildcard dns. Otherwise, I can see where the host is coming from. In fact, if I were a host running a shared server, I would ask users not to use WPMU.