Mar 03

Yet Another WordPress Security Hole

by in Techie :: Techno ::

WordPress is beginning to become a little like phpbb2 – a security nightmare.
Last night I got a “heads up” from one of our sysadmins that there was another security release, as the WordPress download servers had been cracked!
Lovely!
I upgraded this install as soon as I heard, but of course I forgot to update some permissions etc., which is why it was a wee bit broken until a few minutes ago.
Running around patching and upgrading blogs every few days is not my idea of fun. If it was only once every six months it would be one thing, but the number of holes that WordPress seems to be developing of late may force me to rethink my choice of software in the future.
Movable Type is looking more and more attractive every day!
Full story here

Related Posts:

  • No Related Posts

8 Responses to “Yet Another WordPress Security Hole”

  1. From Robbert:

    Hey Michele,
    Exactly my concern aswell.
    I’m getting sick of those security issues here, alltho i try to keep in mind that it is free software but still.
    Any experiences on moving wordpress to MT ?
    Rob

    Posted on March 3, 2007 at 6:56 pm #

  2. From michele:

    Rob
    I’ve never done WordPress > MT, though I have done MT > WordPress
    The main issue I’d expect are the permalinks for older entries
    Michele

    Posted on March 3, 2007 at 9:23 pm #

  3. From Cormac:

    Well, to be fair the recent security issue only relates to recently downloaded packages of WP. The post by Matt states that they got hacked 4 days ago. So if you downloaded prior to that then you’re okay.
    I would never dream of moving from WP to another blogging platform.

    Posted on March 3, 2007 at 11:22 pm #

  4. From Conor:

    At least its painless upgrading compared to phpBB2. I’ve hosed many phpBB installs trying to upgrade it.

    Posted on March 4, 2007 at 10:49 am #

  5. From michele:

    Conor – that’s one of the reasons why I avoid phpbb2 :)
    Vbulletin is a lot saner!
    Cormac – Have you tried any of the other blogging solutions?

    Posted on March 4, 2007 at 11:17 am #

  6. From David Precious:

    I think it’s worth highlighting that the WordPress team have dealt with this issue in a professional and responsible fashion, and I’m sure they’ll be conducting proper checks on the security of their servers and their development and publishing processes.
    I hope this issue isn’t going to dent people’s confidence in WordPress too much.

    Posted on March 5, 2007 at 11:53 pm #

  7. From Eric:

    I have heard that most of the security bugs mainly the xss bugs were fixed in version 2.2 Is this true or do they still exist. Also, if there are too a lot of bugs in word press is there a better alternative?

    Posted on June 13, 2007 at 11:13 pm #

  8. From michele:

    Eric
    They were all fixed as far as I know.
    There are other blog platforms apart from WordPress :)
    Michele

    Posted on June 13, 2007 at 11:26 pm #