Time to Leave WordPress?
So, WordPress has had another major security problem. While I realize that no system is ever fully secure, it seems that WordPress has been having more than its fair share of issues. There was the “highly exploitable code” in May 2007. Then there was the December 2007 update to version 2.3.2, “an urgent security release that fixes a bug that can be used to expose your draft posts. 2.3.2 also suppresses some error messages that can give away information about your database table structure and limits and stops some information leaks in the XML-RPC and APP implementations. Get 2.3.2 now to protect your blog from these disclosures.” Then in February of 2008, there was the urgent update to version 2.3.3 to fix a bug that “would allow a user to edit posts of other users on that blog.” These, of course, were just the major issues. There were some other run-of-the-mill security updates along the way, the kind you expect with any online software.
I’m updating another WordPress blog that I run while writing this post. I had literally just written the following: “So far, I have been fortunate enough to avoid any real problems as a res,” when I found some spam files in my wp-content folder.
It’s disappointing that there are so many gaps in the pre-release security testing. On the one hand, it is free software, so perhaps I shouldn’t complain too much. On the other hand, it is free software owned by Automattic, which has parlayed the free labor it receives to help it build this software into a company worth $150-200 million, not to mention that there are a number of competitors with similar offerings.
To be honest, I probably won’t change any current blogs I’ve got on WordPress, but it makes me VERY hesitant to recommend it to any clients, and my next blog venture (whatever that may be), just might use MTOS.
Hat tip to David Russell for being the first one to mention the security issue to me. Unfortunately, his problems resulting from the latest WordPress bug are much more severe. On an only tangentially related note, it’s cool to go to a church where some of my pastors know more about web development and video editing than I do. If you think that would be cool too, you should really check out NCC.