[wp-forums] I moderated Steve/WarAxe's post
Petit
petit at petitpub.com
Sat Mar 4 02:48:41 GMT 2006
Vicki Frei wrote:
> in this thread:
>
> http://wordpress.org/support/topic/56569?replies=20#post-337555
>
> It was HIGHLY politically charged. I did keep a copy of it if anyone
> wants to see it.
>
> V
He is a highly political guy ;)
Now, this is the second long thread in a short time, where arguments go
high and wild about the "security holes" in WordPress.
Podz and others are defenders of the security state of WP, while whooami,
marke1 and then some are fighting hard to convince us that there are
severe security holes in the WP software.
Can we possibly do something to cool this thing down?
Not being a security expert, I tend to go with Podz. I believe that one
issue that's taking up some space, the directory listings, is really a
matter of server configuration, rather than a case for the WP platform. The
other question, strongly argued by whooami, is that of liberal
permissions on files in the wp-content directory.
What's the solution?
1. Would it be easy to stop directory listings, using .htaccess or by
placing index.??? files in all directories that don't have one?
wp-content and theme directories are out of harm's way already.
2. In the case of file permissions, would it be possible to advise on
a least liberal policy that retains the comfort of editing theme files,
using the cache and the backup, and uploading images?
Even if WP *is* safe ( Podz :) , it's a good thing if users also *feel*
safe.
It's not only a security but a marketing matter.
/Petit