Systemd, yuck, no thanks. It seriously makes me consider moving to FreeBSD.

I knew you would come up with these articles. Those troll articles are filles with incorrect claims, things that are not PHP specific and outdated stuff. You only believe those stories because you want to believe them. Please, grow up.

Seriously, man: OpenBSD? Really?

As you can see, pointless flaming can be done about anything. If you want to critcize PHP, come up with some proper and valid arguments. Otherwise, you're nothing more than a loudmouth fanboy. I have several PHP websites running for many years, without a single hack, without a any significant downtime (besides server maintaince) and with proper speed. PHP is just a tool, it's the developer that makes it a good or bad website.

And there you have the reason why almost nobody uses OpenBSD.

No, most people want to run a simple PHP website (Wordpress, Drupal, etc). But since almost every modern CMS and framework require at least a simple form of URL rewriting (rewrite every request for a non-existig file to /index.php), OpenBSD's httpd is a no-go.

I understand they replaced nginx with something different. But why a half-finished webserver that doesn't even support things like URL rewriting. For those who seek a secure webserver, but with features to properly support the modern website/framework/CMS, try the Hiawatha webserver.

I'm talking about the Banshee PHP framework. I'm open to feedback. But when I get the usual vague claims about issues without any proof or pointless flaming about how it's not anything like Wordpress, then I'm out.

The issue described in this topic (cross-site scripting) is very old (about 15 years in this case). But so is its solution. The same goes for all other security issues. There is no reason and therefor no excuse to have such or any other known vulnerability in your website today. Specially because the solutions are very easy. Security is no rocket science!

The majority of all hack attempts are for SQL injection, cross-site scripting, cross-site request forgery, remote file inclusion, directory traversal, etc. You can look them up, there are even many websites dedicated to them (owasp.org for example). There is, I say it again, no excuse to not know about these vulnerabilities and to have one of them in your website.

The only web developers who still have such security bugs in their software are 1) lazy 2) incompetent 3) not interested in security or 4) have been asleep for 15 years. For whatever the reason is, it's not wise to use their software!/p.

I don't think you arguments are valid. There is much more between a free Wordpress website and a custom coded CMS + all the extra's. You know this. And sure you can setup a website in 20 minutes for free. But if that's the price you want to pay, than that's the quality you get. And btw, I also can setup a website within 20 minutes for free, but with a CMS that even the most skilled hacker will have a hard time with to hack.

And before you come up with "but my Wordpress websites also have never been hacked", I meant: hack-free without any update or me having to worry about its security.

Sorry, I'm not going to tell. Because everytime I did, the discussion ended in a useless flamewar with people coming up with all sorts of nonsense arguments that had nothing to do with security, just to criticize my framework. The framework I use is not 100% perfect. And of course it also can't be, because things like user-friendliness and shininess are very personal / subjective. But its security is good and I have years of hack-free websites to proof that. And several of those receive many daily attacks, because of the ICT-security-related content of the website.

My only point is: try to give security a higher priority and do some research before using a framework. There are many CMS'es out there which my not be as shiny as Wordpress but are more than good enough and have a better security than Wordpress.

A not-so-shiny CMS doesn't mean that the website you create with it can't be shiny. Those are two separate things. Of course, the actual website must be shiny, but the CMS should be (if you ask me) secure and trustworthy.

So, that left your website vulnerable for a few hours... again!

And being a prime target wouldn't be a problem if it had proper security...

And still we keep on using Wordpress. When will people start looking beyond a nice and shiny interface and put quality (which includes security) at the top of their priority list. When you made the first selection with that criterion, you can look for the most fancy interface. And don't give me the excuse of 'but my web editors have to be able to use it'. Bullshit, lame excuse. Fire them and hire more competent personnel or send them to a proper training.

And when the first plane crashes due to a bug in the pilot software, we all start wondering again if removing the pilot was a wise decision.

This whole Germanwings plane crash shows, again, one important thing: people suck at dealing with risks. Several hundred thousands of flights went well. The last incident with a pilot causing a plane to crash was back in 1995. The Germanwings plane crash was an incident. We must learn to treat it that way, as an incident. No reason to panic and start changing policies, rules and procedures. With every change, new risks and new ways of things to go wrong will be introduced. When that happens and you again make changes, you end up in a loop of changing things. The result: the changes will cost a lot of time, energy and money while the risks are not reduced.

We need to start accepting that risks are part of our life. Unacceptable risks need to be dealt with, but more important: acceptable risks should be accepted, even when they occur!!!!