Saturday, June 23, 2007

Fear of WordPress

I agree with this assessment:

All of this leads to one simple conclusion: if you want to install WordPress on a public-facing web server, don't. And if you insist on installing it, then you need to watch the Trac like a hawk and be ready to patch faulty files as soon as flaws are discovered, because the WordPress team simply doesn't take security seriously. Even then you won't be safe because there will always be undiscovered flaws and you never know when someone might come knocking. I am not the only one who thinks this.


James Farmer said...

Oh puhlease, really, I mean the guy actually suggests the only secure fix is to run MT sans comments.

Security holes (which are then patched) = software unusable... then it'd be time to drop every OS app you've ever used, right?

Tom Hoffman said...

I would not recommend someone casually running WP on their own server, because the rate of problems lately has been so great. If they have a professional, such as yourself, taking care of it for them, that's different.

James Farmer said...

Hmmmm... I reckon it's just a particularly nasty hole... they could definitely have communicated it sooner (same goes for WPMU!) but all of us could always communicate better :)

Tom Hoffman said...

What worries me is the frequency with which the problems have been cropping up lately.