[wp-hackers] Plugin update & security / privacy

Mark Jaquith mark.wordpress at txfx.net
Sun Sep 23 21:54:25 GMT 2007

On Sep 23, 2007, at 3:35 PM, Matt Mullenweg wrote:

> I think this feature is actually going to dramatically improve the  
> security of WordPress overall. We all saw the survey that 95% of WP  
> blogs were vulnerable. That didn't even look at plugins. I think the  
> survey was flawed, but you still can't deny that for most people  
> knowing there is an update and actually updating just doesn't  
> happen, and this is a necessary first step. If the only "trade-off"  
> is sending an ALREADY PUBLIC blog URL to wordpress.org, then great!

Back up a minute.  Why is the blog URL needed?  The update  
notification functionality works fine without it.  You don't need it  
for statistics purposes -- wp_hash('update-notification')'s output  
would be just as unique.  How do users benefit by sending their blog  
URL?  I think the onus is on us to show why it is necessary or  
beneficial.  If we can't, it shouldn't be there.

Mark Jaquith

Covered Web Services

WordPress Ninja @ b5media Inc
