A Story of Fear: WordPress Hacks
I went away from home on a micro weekend vacation, and on arrival where I was staying there were numerous e-mails waiting in my account. It seems that old versions of WordPress were being hacked, and many clients and friends wanted their versions of WordPress upgraded. One of them, a business owner, was very nervous about his WordPress blog, as he derives a reasonable amount of revenue from it.
The blog was running 2.8.3, one version behind the current 2.8.4. I did a quick check and saw that 2.8.3 was secure from the issue going around, but the state of panic that spread through the blogosphere about making sure you had 2.8.4 left me having to defend my vacation.
I didn’t have the server details to do anything from where I was, and the automatic upgrade wouldn’t work due to the strict folder permissions on their site.
It was interesting, though, that the mass hack brought an eye-opening warning to the attention of many people who had previously given little thought to upgrading, but it didn’t make them try to learn more about WordPress, the issue or the community. It only created panic and ridiculous hysterics.
The fact is that these security issues do little more than create panic when they are not properly reported to the public. Automattic was very good on its own blog, pushing out useful information and hopefully quelling some of the ridiculousness spreading through the blogosphere.
Some of my clients have become rather paranoid over the whole upgrading thing, while still not heeding my warnings that a good backup system should also be in place for their files and database.
The fact is: WordPress has a low barrier to entry and attracts people who aren’t computer-savvy. WordPress has done as much as possible to help protect these people from themselves, through the core upgrade tool and the community-driven backup and security plugins.
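The two practical points in the paragraphs above, the upgrade that fails on strict folder permissions and the backup of files and database that should come first, can be turned into a small pre-upgrade script. The following is an added example, not code from the original post or from WordPress itself. It assumes a site root and a web server user name that you supply, that wp-config.php uses the standard define('DB_NAME', '...') style lines, and that mysqldump is on PATH for the database dump; the function names are mine.

```shell
#!/bin/sh
# Added example, not code from the original post. Pre-upgrade housekeeping for a
# WordPress install: show why the core upgrader cannot write the tree, flag the
# wrong fix (world-writable files), and take a files + database backup first.
# Hypothetical assumptions: the site root and web server user are supplied by the
# caller, wp-config.php uses the standard define('DB_NAME', '...') lines, and
# mysqldump is on PATH.

# wp_config_value FILE KEY: print the value of define('KEY', 'value') in wp-config.php.
wp_config_value() {
    sed -n "s/^[[:space:]]*define([[:space:]]*['\"]$2['\"][[:space:]]*,[[:space:]]*['\"]\([^'\"]*\)['\"][[:space:]]*)[[:space:]]*;.*/\1/p" "$1" | head -n 1
}

# wp_not_owned_by ROOT USER: files PHP (running as USER) cannot overwrite, so the
# core upgrader's direct-filesystem method fails and it asks for FTP/SSH details instead.
# The fix is chown to the web server user (or use the FTP/SSH method), not chmod 777.
wp_not_owned_by() {
    find "$1" ! -user "$2" -print
}

# wp_world_writable ROOT: files any local account can modify. "chmod -R 777" makes the
# upgrader work but also lets any compromised user on the host edit your PHP.
wp_world_writable() {
    find "$1" -perm -002 -print
}

# wp_backup_files ROOT DEST STAMP: archive the whole site tree (wp-config.php included)
# and record a checksum so a later restore can detect a truncated archive.
wp_backup_files() {
    mkdir -p "$2" || return 1
    tar -czf "$2/files-$3.tar.gz" -C "$(dirname "$1")" "$(basename "$1")" || return 1
    (cd "$2" && cksum "files-$3.tar.gz") >> "$2/checksums-$3.txt" || return 1
    chmod 600 "$2/files-$3.tar.gz" "$2/checksums-$3.txt"
}

# wp_backup_db ROOT DEST STAMP: dump the database named in wp-config.php.
wp_backup_db() {
    cfg="$1/wp-config.php"
    db=$(wp_config_value "$cfg" DB_NAME)
    user=$(wp_config_value "$cfg" DB_USER)
    host=$(wp_config_value "$cfg" DB_HOST)   # a host:port value is not split here
    out="$2/db-$3.sql"
    # The password goes through the environment, never the command line (visible in ps).
    MYSQL_PWD=$(wp_config_value "$cfg" DB_PASSWORD) \
        mysqldump --single-transaction -h "${host:-localhost}" -u "$user" "$db" > "$out" || return 1
    gzip -f "$out" || return 1
    (cd "$2" && cksum "db-$3.sql.gz") >> "$2/checksums-$3.txt" || return 1
    chmod 600 "$out.gz"
}

# wp_backup ROOT DEST: run both backups under one timestamp and print that timestamp.
wp_backup() {
    stamp=$(date +%Y%m%d-%H%M%S)
    wp_backup_files "$1" "$2" "$stamp" || return 1
    wp_backup_db "$1" "$2" "$stamp" || return 1
    echo "$stamp"
}
```

Run wp_not_owned_by and wp_world_writable first to see what state the tree is in, then wp_backup before clicking the upgrade button. Keep DEST outside the document root: the archive contains wp-config.php with the database password, and a .tar.gz left under the web root is downloadable by anyone who guesses its name.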
Now, what needs to happen is that those running on platforms like WordPress either take an active interest in the community, hire someone who has that interest, or revert to a static HTML website so basic that there are no scripts to hack.
That’s just my two cents. If you want to read more on this issue, I suggest checking out a great article by Jeff Chandler entitled “Are You Responsible Enough To Run WordPress?”