[wp-hackers] wordpress security

Nathan Rice ncrice at gmail.com
Fri Oct 16 15:10:28 UTC 2009

On Fri, Oct 16, 2009 at 11:02 AM, Otto <otto at ottodestruct.com> wrote:

> True, but an automatic email notification to the admin would just have
> lots of people asking us how to turn it off.

Then give them a way to turn it off.

> You can't make people do something they don't want to do. If they
> don't want to be active about it, then continuously annoying them
> ain't gonna do it.

I wouldn't call it an annoyance, any more than the update notifier at the
top of the dashboard is annoying. If WordPress wants to save its reputation
from people who blame every exploit in it, then it needs to do everything
possible to get people to upgrade.

If the user turns off email notifications, then at least they can't blame
WordPress. There needs to be a way people can receive notifications
passively, without having to actively seek them out (logging into the
dashboard, subscribing to a feed, etc.).

Instead of berating people for being normal and non-geeks, why not just give
them a useful feature that will help them stay secure? What's the harm in

> If somebody wants to get a notification of new releases, then here's
> the feed you'll want to subscribe to:
> http://wordpress.org/development/category/releases/feed/
> Promote that feed however you like. Create automated emails based on
> it if you wish.

Never gonna happen. And I don't blame them. If I was just a WP user, and not
in the business full-time, I doubt very seriously that I would 1. log into
my dashboard every day or 2. subscribe to a WP RSS feed. And because of
that, I would be at risk.

Why not just eliminate that risk?
