Comments on: WordPress Security Prevention, Reactions, and Scares

By: 150 Ways To Break Into Your Blog (Hacking For Dummies) — Practice This

150 Ways To Break Into Your Blog (Hacking For Dummies) — Practice This — Fri, 17 Apr 2009 21:56:18 +0000

[...] WordPress Security Prevention, Reactions, and Scares [...]

By: Firewalling and Hack Proofing Your WordPress Blog « Lorelle on WordPress

Firewalling and Hack Proofing Your WordPress Blog « Lorelle on WordPress — Sun, 08 Mar 2009 04:10:39 +0000

[...] Lorelle on WordPress – WordPress Security Prevention, Reactions, and Scares [...]

By: weez

weez — Fri, 13 Feb 2009 22:46:48 +0000

The truth is that no blanket statements are true. That was my point in my original comment. It is possible to write error free code (or very very close to it) if that is your goal. In addition to rigorous testing requirements, you will have to do additional vetting on every piece that your system relies on, and for those that don’t past muster, you will need to recreate them from scratch with security in mind. These are the conditions that DJB (mentioned above) worked under. His top goal was security, and he threw away error prone parts of the C library and wrote his own to help ensure that goal.

The last I checked, no dynamic language interpreters were created with security being the number one goal. The security track record of all of them reflects that. Someone should go create a dynamic language from the ground up with security in mind. So yes, for a complex system like WordPress, even if the WordPress developers don’t introduce vulnerabilities, they are still blamed for the weakest link, which could be Apache, PHP, or the kernel of the OS they are working on.

By: Lorelle VanFossen

Lorelle VanFossen — Fri, 13 Feb 2009 21:50:37 +0000

While this might be true, security vulnerabilities are found long after “perfectly formed” software is written, including the core code that created the Internet, which was only found last year. Programming that relies upon PHP, MySQL, Apache, operating systems, and other code from other sources occasionally have vulnerabilities uncovered – so does that make the original programming at fault? No, but people blame it anyway, as in the case of WordPress.

Honestly, few things human made are perfect or error free. I’m sure this person is good, but that doesn’t change the truth.

By: weez

weez — Fri, 13 Feb 2009 16:31:11 +0000

In response to comment number 2 (Douglas Bell).

Most people don’t realize that it is possible to write software that is 100% bugfree, and thus no security issues. Daniel J Bernstein has done this many times (in addition to freeing encryption software for public use in Bernstein v. United States). Qmail is one of his contributions to the world. His DNS software in addition to being fast was immune to the recent DNS security issues ~10 years before anyone else. Check out his wikipedia entry

By: Security and Hacking: Protect Thyself and Thy WordPress Blog | The Blog Herald

Mon, 19 Jan 2009 10:47:58 +0000

[...] responds immediately to any security vulnerabilities with patches and upgrades for their core program, and offer alerts for security issues on WordPress [...]

By: Wordpress 2.7 Coltrane! | PapaJoneh’s Little Knowledge

Wordpress 2.7 Coltrane! | PapaJoneh’s Little Knowledge — Sun, 14 Dec 2008 02:00:09 +0000

[...] Some search engines and directories are considering penalizing page rank or not indexing old versions of WordPress due to security vulnerabilities and failure to upgrade (few spam sites upgrade). For more information, see Technorati: Vulnerable WordPress Blogs Not Being Indexed, Matt Cutts: Alerting Webmasters to Webserver Vulnerabilities, Fear, Uncertainty and Disinformation About The WordPress Exploits and Spam, and WordPress Security Prevention, Reactions, and Scares. [...]

By: WordPress News: WordPress 2.7 Released | The Blog Herald

WordPress News: WordPress 2.7 Released | The Blog Herald — Thu, 11 Dec 2008 10:11:11 +0000

By: WordPress 2.7 Available Now « Lorelle on WordPress

WordPress 2.7 Available Now « Lorelle on WordPress — Thu, 11 Dec 2008 04:22:40 +0000

By: Helping in the WordPress Forums is an Education | The Blog Herald

Helping in the WordPress Forums is an Education | The Blog Herald — Wed, 17 Sep 2008 05:05:03 +0000

[...] Blog Hacked? If your WordPress blog has been hacked, don’t blame WordPress. WordPress mandatory security upgrades and patches are announced as [...]