[wp-hackers] wordpress security

Stephen Rider wp-hackers at striderweb.com
Thu Oct 22 02:50:35 UTC 2009

On Oct 21, 2009, at 9:23 PM, William Canino wrote:

>> probably not for the vast majority.  It could be done with a  
>> plugin, and is probably best left to a plugin.
> Is it because you think plugins --- most of which are maintained by
> one or two people only and who don't use a peer-review VCS --- are
> less vulnerable to security holes or attacks?

No.  It's because I think automatic updates would cause problems for a  
large number of installs, and wouldn't work anyway on a lot of  
installs, and because those who do need it could use a plugin.  Core  
features should be those things that are useful for *most* users.

I'm not to familiar with the Core Update code, but I'm guessing  
there's a core function that could be called to do the job, so  
creating a plugin would just be a matter of triggering that core  
function at the appropriate time.


Stephen Rider

More information about the wp-hackers mailing list