I just read Mario’s post on Digizen discussing IT Damager’s post about the constant security updates at WordPress. Now I know I am a fanboy and all, but the long list of security-related updates that IT Damager references in his post is certainly a concern (and even a fanboy needs to throw a curve ball once in a while). Ironically, Patrick brought up the security fix to me the other day and I kind of shrugged it off, while taking a snipe at Drupal. Oh, how sharper than a serpent’s tooth is a fanboy’s ingratitude! Sorry Patrick!
We are on the verge of a pretty awesome multi-user environment that promises to open up some really interesting possibilities for faculty, students and administration alike. Nonetheless, when I read a post that notes “that every single update to WordPress over the last 2 years has been security related”, I have to pause for a moment and wonder if the WordPress community doesn’t need to start working together a bit more closely to understand this serious recurring issue. I guess it’s time for me to get off the carousel of denial and look a bit more closely at some of these issues.
At Northern Voice last February, Chris Lott noted that the WordPress code was a bit ugly (my quote, not his), and Lloyd Budd was both eager and quick to suggest otherwise. But when the tale of the tape comes out with a less-than-impressive record of security exploits, I think one might begin to wonder if Chris has a point. Now that won’t stop me from pushing on with my favorite web-based publishing platform, as well as continuing to experiment with all its excessive goodness. However, that post did give me a bit of pause with regard to thinking about running an “enterprise” application like WordPress when the security issues often require administrator privileges. Within a WPMu environment every blog comes with an admin user that can potentially hijack the entire site using these WordPress exploits.
So, to echo the Damager, “I am not sure what it will take to get the WordPress team to write secure code, but I think the community should do nothing short of demand it.”