[wp-hackers] wordpress security

mccormicky mccormicky at gmail.com
Mon Oct 19 21:19:36 UTC 2009


Exactly who do you need to coddle here?
There are users who may not be savvy enough to have a plugin that tells them
they need to upgrade but they have an install modern enough to have the
update nag.


There are users savvy enough to not only have a plugin that emails them,
they can also install wpmu;
they don't need an email or a plugin to tell them they need to upgrade.

There are users able to update their installs via svn,
they don't need an email or a plugin to tell them they need to upgrade.

There are users still running old wps because they depend on old plugins
that have *probably been moved to core but are either unaware or ignorant of
the fact they could upgrade without losing the functionality of the plugin.
They can't see either the upgrade nag because this is not available in their
install versions
so it follows that an email would not get to them because they would not
have the install with this function.

Seems to me the people most needing help are the last group.
They need to be told and told often that they need to upgrade for security
and that keeping old versions for the sake of plugins or fear of change
is unwise. Too bad they would be left out of this entire argument by the fact
they would not have a wordpress that would have the upgrade nag or an
upgrade alert email.
So it's up to the blogosphere to convince them. Although I really think
people this out of it cannot be helped.

I also think that not doing something because 25 people will complain about
it but 200,000 will be helped is not reasonable.


On Mon, Oct 19, 2009 at 4:33 PM, scribu <scribu at gmail.com> wrote:

> On Mon, Oct 19, 2009 at 11:24 PM, Jeremy Clarke <jer at simianuprising.com> wrote:
>
> > On Mon, Oct 19, 2009 at 4:05 PM, Otto <otto at ottodestruct.com> wrote:
> > > 2. You're assuming that there exists some subset of people who a) do
> > > not do upgrades regularly now and b) would be motivated to do so by
> > > receiving an email to that effect. I submit that this assumption is
> > > seemingly based on nothing whatsoever, as I am unable to find any
> > > support for this notion in any support forums, blog posting, comments
> > > on blog postings, or indeed in any other part of reality as I can
> > > currently perceive it. This subset of people appears, to me, to be
> > > some idealized notion, a blog owner who is truly helpless and unable
> > > to do something as simple as actually look at his own website from
> > > time to time, despite somehow continuing to write posts on it and
> > > possibly even interact with people through it. Not only that, but if
> > > this mythical blogger was, say, hacked, then he'd be upset for being
> > > so, despite having not looked at the back end of the site in the last
> > > couple of months...
> >
> > I'll point out that I, as well as a number of other people in this
> > thread, have specifically stated that we ourselves would profit from
> > this, so it's not an idealized notion, it's a group of people who you
> > just claimed don't exist while in conversation with them.
> >
> > It's also pretty unrealistic to expect all blog admins to visit the
> > sites they manage on a regular basis. Not only are they likely to set
> > up sites for friends (who may or may not use them regularly) but in my
> > experience there are a lot of times when you're managing sites that
> > are basically retired, but that you don't want to take down because
> > you don't like dead links on the internet. In both of these cases
> > (which I think account for a lot of the people on this list who said
> > it would be useful to them) the email feature would be both a handy
> > reminder on top of your other organizational tactics and potentially
> > the only thing that would ever remind you that the site exists and
> > needs attention (whether it turns out that attention is to be upgraded
> > or deleted due to being dead/never-used).
> >
>
> I thought we had established that blog admins are savvy enough to install
> the mail notification plugin.
>
>
> --
> http://scribu.net
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>