Comments on: Yet another wordpress exploit

By: WordPress and Other Criticisms. : The Private intellectual

WordPress and Other Criticisms. : The Private intellectual — Sun, 08 Jul 2007 09:08:37 +0000

[...] his own. Rather, Wincent takes his comments - slightly re-written - from someone calling themselves Sho Fukamachi. This isn’t a problem in itself, since he has linked to the original article, although not [...]

By: Sho

Sho — Sat, 23 Jun 2007 07:59:49 +0000

For my reply to the above missing-the-point comments, simple replace all instances of “WordPress”, chronically insecure software aimed at non-technical users, with “Microsoft Windows”, also chronically insecure software aimed at non-technical users.

No more comments! Sorry, I don’t really run this blog to conduct conversations with strangers.

By: Cody

Cody — Sat, 23 Jun 2007 06:47:43 +0000

I’m of a like mind with Pi there. WordPress is not to blame for lazy people who don’t bother to keep things up-to-date. The lazy-ass morons who don’t know a thing about being safe on the Internet are to blame. I update manually every time there’s a new release and somehow I don’t have any problems doing it. Does it take too much time? No, not really. It’s not really a “fucking pain in the ass” either. Maybe because I know enough about how WordPress works to only replace what needs to be replaced. You shouldn’t need to mess with copying your themes since the wp-content folder does not usually need to be updated at all.

Granted, I’m not the average Joe blogger, but the average Joe blogger should be using a platform that doesn’t require any technical knowledge at all, such as Blogger or WordPress.com, not a manual install of WordPress. If you don’t know anything about being safe on the Internet, you shouldn’t be installing things on an SQL database.

Besides, all software has its security holes. At least WordPress jumps on their holes when they become troublesome. That’s the good thing about being open source. Anyone can pitch in to get rid of an exploit. What about the alternatives? Movable Type? It sucks, and (for now) you have to rely completely on Six Apart being open about any security holes. WordPress publicizes their exploits, which results in a relatively quick turnaround for fixes. What, is a couple of weeks too long to wait for a fix? Better than a couple of months as it is with most closed source software.

But really, if you dislike WP so much, ditch it. I’ve read about many people switching from Movable Type to WordPress. If they can do that, you can surely switch from WordPress. Or would that just take up too much of your precious ranting time?

By: Pi

Pi — Sat, 23 Jun 2007 06:09:55 +0000

I find it strange seeing people condemning WordPress for doing exactly what they demand others, such as Microsoft and Company, do. Were it not for the regular security fixes and updates to WordPress it would be dead in the water like so many other software applications which are unable to keep up with the times, or with the threat level.

As to your list of what needs to be done for each and every upgrade or update, really? I have never had the need to move a single picture from one file to another when updating or upgrading - and I have several hundred on my weblog - and switching off plug-ins is a piece of cake, there is an interface there exactly for that task.

So some people don’t upgrade - including an Internet company - is that a WordPress fault? I don’t think so. Everyone can decide for themselves whether they upgrade or not, the information is always readily available, and that often within an hour or so of a problem arising - when it’s a serious one, and that is rare to say the least.

You quote the svn update facility, anfd then recommend that people don’t use WordPress? Biting yourself in the ass, I would say, since the svn update facility is one of those good sides other providers do not have. Perhaps you realise this an, despite your rather random and ill-thought out tirade, you’ll come to see tzhat you use WordPress because it is better than the others, and likely to remain that way for a long time to come. Or would you rather switch to Moveable Type - about to go Open Source just like WordPress - and close down your comments, hide in a hole and only venture out to sniff at the competition as it races into the future, leaving you and Wincent Colaiuta behind?

Pi.

By: Wincent Colaiuta

Wincent Colaiuta — Thu, 21 Jun 2007 08:41:35 +0000

My thoughts exactly.