[wp-hackers] wordpress security

Nathan Rice ncrice at gmail.com
Fri Oct 16 15:27:55 UTC 2009


On Fri, Oct 16, 2009 at 11:19 AM, Sharon Chambers <sharon at brewerradio.com>wrote:

>
> I would call it annoyance.  Anyone professing themselves to be website
> admin should be logging into their dashboard on occasion, and anyone failing
> to do so has no one but themselves to blame for security threats.
>
> I fail to see why a non-geek web admin would be considered "normal" at any
> rate.
>
>
That's exactly the attitude that gives WP the reputation it has for
security. That everyone who uses WP is a professional and should be
responsible not only to upgrade their install every time a new version comes
out, but should also be proactive about checking for upgrades.

Now, personally, I believe they SHOULD do both of those things. But I live
in reality, where they WON'T do both of those things.

So, we can either sit cross-armed and blame the stupid users, or we can
continue to provide them with tools that anticipate their lack of
provocativeness, like a simple email notification.

And no, a plugin won't suffice. It's a extra step that most users won't
take.


More information about the wp-hackers mailing list