Movable Type Security Trumps WordPress, Not Much Of A Newsflash
Written By Mike on Jun. 13, 2008.
Six Apart has had the more stable and secure blogging platform for a while now and Anil finally puts it into words with some hard facts (from the Dept. of Homeland Security) to back it up.
I just left a comment over at Anil Dash's entry at the Movable Type blog about this and I think it's worth reiterating here at Wriging for others to see.
The problems that WordPress is currently having with security really need to be scrutinized because huge security issues like this one are a bad thing. WP has released an update to address that issue but the bottom line is that if you allowed users to register on your site they could potentially modify their cookie and trick your WP blog into thinking they were authenticated into a different account and then gain administrative rights over your site. Ouch. Let's hope you downloaded that update.

Scrivs
Written Jun. 13, 2008
Well WP has the unfortunate distinction of being the Windows of the blogging scene and by this I mean most widely used platform and therefore one that is going to be most susceptible to attacks. When the code is Open Source it makes it easier to find holes, but also makes it easier to patch them up.
davidhayes
Written Jun. 13, 2008
I was going to throw in the zinger: "It's easy to be secure when you've not added features in years."
But Scrivs makes a good point. WordPress, like Windows, suffers from the fact that everyone uses it, and not everyone keeps it up-to-date. The developers actually do an admirable job patching stuff, but that doesn't stop blogs running WordPress 2.2.1 from suffering from already-patched vulnerabilities.