[wp-hackers] Plugin Upgrade Failing when using Subversion

DD32 wordpress at dd32.id.au
Fri Jan 16 05:07:08 GMT 2009


2009/1/16 Mike Schinkel <mikeschinkel at newclarity.net>:
> Put it this way; if their site went down because of an unplanned plugin upgrade it would be exactly what the people who don't trust open-source would use to make sure that company never again used WordPress as long as they could.  And I don't want my WordPress project to be that negative catalyst for WordPress.

If it was me, and my site went down due to someone disabling the
upgrade warnings and something exploiting wordpress or a plugin thats
installed.. then i'd be pissed at the developer..

I get in the range of >300 bots every day trying over 100 different
exploits against WordPress & its plugins on my personal site, Most of
them you can trace to either ancient bugs/exploits, or relitivly
recent items, last time i checked through them, I think i found
something targetting 2.5, and a .1 older version of a semi-popular
plugin.

If you're going to leave an install unattended, Definately write the
plugins yourself, its bad enough that you're planning on leaving
WordPress core as is, Whilst i believe that its generally pretty
secure, there are always things targetting older versions.. (And
hiding the version does nothing, they simply dont care)


More information about the wp-hackers mailing list