http://wriging.com/notes/ Wriging Thread: Movable Type Security Trumps WordPress, Not Much Of A Newsflash en Thu, 08 Jan 2009 08:19:38 +0000 http://wriging.com/blogging/notes/15007/p/1/#response-117726 Sat, 14 Jun 2008 00:55:05 davidhayes 117726 <p>I was going to throw in the zinger: "It's easy to be secure when you've not added features in years."</p> <p>But Scrivs makes a good point. WordPress, like Windows, suffers from the fact that everyone uses it, and not everyone keeps it up-to-date. The developers actually do an admirable job patching stuff, but that's doesn't stop blogs running WordPress 2.2.1 from suffering from already-patched vulnerabilities. </p> http://wriging.com/blogging/notes/15007/p/1/#response-117674 Fri, 13 Jun 2008 05:53:55 Scrivs 117674 <p>Well WP has the unfortunate distinction of being the Windows of the blogging scene and by this I mean most widely used platform and therefore one that is going to be most susceptible to attacks. When the code is Open Source it makes it easier to find holes, but also makes it easier to patch them up. </p> http://wriging.com/blogging/notes/15007/p/1/#response-117666 Fri, 13 Jun 2008 05:46:56 Mike 117666 <p>I just left a comment over at Anil Dash's entry at the Movable Type blog about this and I think it's worth reiterating here at Wriging for others to see.</p> <p>The problems that WordPress is currently having with security really need to be scrutinized because <a href="http://article.gmane.org/gmane.linux.debian.devel.bugs.general/428015">huge security issues like this one</a> are a bad thing. WP has released an update to address that issue but the bottom line is that if you allowed users to register on your site they could potentially modify their cookie and trick your WP blog into thinking they were authenticated into <em>a different account</em> and then gain administrative rights over your site. Ouch. Let's hope you downloaded that update. </p>