April 8, 2013 at 3:58 pm #34132
"I downloaded FileZilla and am trusting I’m safe using their software."
Filezilla comes with a couple of secure protocols... not just plainFTP, which is far from secure.
Check which secure Filezilla protocols the Synthesis people allow.April 8, 2013 at 4:03 pm #34134
The only thing I’m questioning about StudioPress
As far as I am aware, it's not something that is StudioPress related per se; they haven't disabled that edit option (otherwise, I'm sure there would be more people with questions) - so at this point, it looks like a Synthesis decision.
April 8, 2013 at 4:18 pm #34137
Carla the MooseParticipant
You're right, Susan. They say "we," but I think they really mean Synthesis. I'm just getting a repeated response from StudioPress support:
We have rolled out a change that turns the WordPress code editor off.
The reason for this is that, we have experienced large numbers of users crashing their sites by editing PHP from within WordPRess (a PHP application itself) we've removed the WP editor system wide.
You can use FTP and a text editor to achieve the same in a much safer fashion.
We also highly encourage backing up or making a copy of any files that you edit so that you can easily undo them should issues occur.
They are only indirectly referencing hackers/security and instead are focused on their customers as the cause of any problems. Yesterday I pasted some code from the Code Snippet page into the functions file, and my entire website shut down. I sent a support ticket. And now I'm being told that actions like what I did yesterday are the reason they're doing this. They said nothing about hacker vulnerability. They say this was a system-wide change, but I'm feeling like only a handful of customers have been hand-slapped and have had their WordPress edit features removed.
Now I need to examine the FileZiller software I download and somehow figure out how to evaluate it in terms of security protocols??? This is why I chose Synthesis. But now a third-party software program is involved, and I have no way of knowing if it's going to lead to more problems. And what's their support like? So let me guess: This is where people start chiming in about GREAT programs that have high-grade security in place, but are expensive to buy, right?
I'm totally baffled.April 8, 2013 at 4:44 pm #34141
If the reason is because people are crashing their sites by editing that's silly...it's just as easy to make the same edits and crash your site via ftp?April 8, 2013 at 5:02 pm #34144
Carla the MooseParticipant
It's even easier to screw up when using FTP.
You can inadvertently make edits directly in the parent files, thinking you're in the child files. Also, even though the sFTP access through Synthesis is secure, hence the s, there are still vulnerabilities.
CyberDuck, a free FTP client, was just recommended to me by StudioPress support and WP Engine. This is what they use. So I'm going to download that and join the ducks.April 8, 2013 at 5:03 pm #34145
^^ Exactly @ceeking! We can log into ftp to FIX a mistake, but shouldn't have to to make basic changes like color and font!April 8, 2013 at 5:22 pm #34147
I would recommend contacting the Synthesis staff about your concerns. These are community forums for StudioPress users. The vast majority are not Synthesis users and your concerns cannot be addressed by the users here effectively.
Update by GaryJ (as I can't re-open the thread):
While the origin of the problem does indeed lie with the Synthesis set up, this is a community for Genesis users - we help with plugin-related issues with Genesis, so we can help with hosting issues too, especially for something like this.
The WP editor is useful for updating CSS files, but it's poor for editing PHP files - one forgotten semi-colon, or some other syntax error, and the site will throw a white screen, then the only way to fix it is via FTP.
Filezilla and most decent hosting support SFTP, which is a secure version of FTP. Unless your whole site runs on SSL (starts with https://), then any changes you send via the WP editor could be sniffed out anyway. SFTP eliminates that risk, as well as putting general access to site files behind the extra username and password associated with FTP (and can be easily limited with certain IP addresses etc.), rather than just your WP password.
Learning how to use FTP is by far the better choice here.
The topic ‘The EDIT link in my WordPress Dashboard is missing’ is closed to new replies.