[wp-hackers] wordpress security

Chris Jean gaarai at gaarai.com
Mon Oct 19 21:12:44 UTC 2009

The only thing that has been established is that this is a controversial
issue and that people on this list cannot agree on what type of person
represents the average WordPress user.

The set of WordPress blog admins does not equal the set of people who
are savvy enough to install notifications plugins. Claiming such is

I would wager that the set of people who don't know of the existence of
such a plugin nor are knowledgeable about the value of such a plugin far
exceeds the population of the set of people who regularly update their
WordPress install with the latest version.

Let's all keep in mind that not everyone who uses WordPress thinks like
you, me, or most of the people on this list. In addition, not everyone
who uses WordPress uses it like we do. I'm sure that just this list's
sampling of users will show a huge diversity in ways of using WordPress.

Summarily dismissing a concept that could, at least in theory, help
reduce the attack profile of WordPress sites as a whole due to either
our or an imagined group of complainers' perceived annoyance is absurd.

Why don't we ask people if they like the idea? I sent a question out on
Twitter the other day:

    Would you like it if your WordPress site sent you an email telling
    you when a new version was available with a simple link to upgrade?

Since I don't have a large follower count, I only got five responses
about the question. However, those five people all said that they would
like it:

    * @david_north: yes I would.
    * @mattdanner: yes
    * @brigwyn: ... you got my vote!
    * @bryceraley: why yes sir? always innovating, and always
      appreciated! /[odd response but still supportive]/
    * @dannygsmith: That could be very useful for casual users. Not
      everyone follows the forums, or pays attention.

I'd like to note that none of these people are hardcore developers, and
I don't believe any of them are on this list. In addition, it seems that
only one of them knew about the plugin as @brigwyn first said that there
is a plugin for that. I told him that there is a suggestion to add it to
WordPress itself, and he said that he supports the idea.

I know that a small group of five people doesn't really constitute a
raving demand, but it does show that more than just a couple of people
here like the idea.

I propose that we ask a wider group. I'm going to send Jeffro a request
to put out a poll to get a bigger set of feedback with a wider audience
than just this list.

Chris Jean

scribu wrote:
> I thought we had established that blog admins are savvy enough to install
> the mail notification plugin.

More information about the wp-hackers mailing list