[wp-hackers] wordpress security

William Canino william.canino at googlemail.com
Thu Oct 22 02:23:08 UTC 2009


> Can you imagine the outcry if WP forced an update that crashed a site? There
> are loads of users who wouldn't have a clue what to do and those that don't
> visit their site every day could end up losing search engine listings,
> visitors, and money.

... as opposed to an attack crashing their site and WP not forcing an
update while it knew about it?

> Methinks there would be some very angry people checking in with
> the WP community to say their website was completely down while they were
> not looking.

... as opposed to an attack crashing their site, eh?

> probably not for the vast majority.  It could be done > with a plugin, and is probably best left to a plugin.

Is it because you think plugins --- most of which are maintained by
one or two people only and who don't use a peer-review VCS --- are
less vulnerable to security holes or attacks?



2009/10/21 Stephen Rider <wp-hackers at striderweb.com>:
>
> On Oct 21, 2009, at 9:07 PM, Mike Schinkel wrote:
>
>> On Oct 21, 2009, at 9:56 PM, Lynne Pope wrote:
>>>
>>> Can you imagine the outcry if WP forced an update that crashed a site?
>>> There
>>> are loads of users who wouldn't have a clue what to do and those that
>>> don't
>>> visit their site every day could end up losing search engine listings,
>>> visitors, and money.
>>
>> It's really a shame when one group of people decide what's good for
>> everyone else and then block those that want/need it.
>>
>> WordPress could easily have an "Advanced Options" area that allowed
>> auto-update be turned on with full warnings for those who know what they are
>> doing.
>
> Ironically, I find myself on the exact opposite side of a virtually
> identical argument from earlier today.  Auto-updates may be a great idea for
> some people, but probably not for the vast majority.  It could be done with
> a plugin, and is probably best left to a plugin.
>
> Just my 2 bits.
>
> Stephen
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>


More information about the wp-hackers mailing list