9 comments

[ 3.0 ms ] story [ 22.2 ms ] thread
The problem with this article is his list of "Wordpress Problems" could just as easily be named "The Problems Every Web Application Has". Web Apps, by definition, always present a battle between extensibility and security. Wordpress is no different and this author's suggestion (to truncate the extensibility) is an over reaction at this point.

Keep in mind, Wordpress caught the bug before it was exploited. The problem Wordpress has is their users hold off on upgrading because the upgrades often break plug-in functionality. What they need to do is further abstract their plug-in framework so that security updates can be applied without breaking plug-in functionality.

After doing that Wordpress may still need to make the software less extensible but they should at least try every possible way to keep their current functionality before cutting features for security sake.

Is it worth arguing over which blogging software is better? Use what works for you. This guy's points -- Wordpress is the Windows of blogging, etc -- some people are looking for Windows. A lot of people host Wordpress on cheap Dreamhost accounts and don't want to think about security; they'll probably just restore from backups if something goes wrong.

It's the sort of thing that I'd figure makes security guys pull out their hair, but it's the market wordpress serves.

Sadly this post does not mention any alternative. There are plenty good old blog software solutions like Drupal, MovableType or S9Y and a few new ones like Typo, based on Ruby on Rails.

Roughly a year ago I compiled a list with 7 recommendable WordPress alternatives:

http://www.seoptimise.com/blog/2008/10/wordpress-hacked-7-gr...

Especially Typo sounds great:

"Typo is the oldest and most powerful Ruby on Rails blogware, providing custom templates, powerful drag and drop plugins API, advanced SEO capabilities, XMLRPC API and many more."

How is Typo's security?
I'm not entirely sure what the article is trying to point out. Is the author saying Wordpress is dying? And is that because of a couple of bloggers claiming that it is insecure (perhaps rightly so). If that's the case, use whichever blog engine suits you - there are plenty of them out there.

Halfway through the post, the author starts questioning if blogging itself is dead due to microblogging mechanisms like Twitter. Well, maybe. But what's that got to do with Wordpress becoming irrelevant?

Unfortunately this openness is indirectly one of the complications that is making Wordpress vulnerable to even more attacks...

This is a lame sentence. Openness allows your most stupid mistakes and biggest security holes being discovered on an very early stage. That is could be called as crowd-sourced security audit.

Think about openssh - just imagine how many people have tried to find something in its sources.

And now thing about something like oracle, sap or ms products, which were coded on offshore code fabrics in third word. You do not have the source, but you can easily try to exploit common lame-coding issues.

Poorly written, lots of grammatical and spelling errors, and some just plain bullshit speculation, like so:

Since Wordpress is a self hosted solution there's an advantage to making sure it works on the most systems possible, keeping the requirements for hosting it low. To do this the code has to keep a certain low IQ to accommodate the many varied circumstances it might be installed on. While I don't know of specific instances where this happens I have to image[sic]...

So, you're assuming the code has a "low IQ" because it needs to run on a lot of platforms. Does the Linux kernel have a similarly low IQ? What about the Apache web server that serves the majority of the web? What, pray tell, is a low IQ for code? I've written a lot of code in my days, and none of it could ever pass an IQ test. Does that mean I write shitty code?

Then, in the very next sentence, you go on to say that you have no specific examples, and just decide to "image" some. Why not just say, "I don't know what I'm talking about, so I'll just make some shit up."

That was all I could take. I couldn't read any more.

I'm a proud user of Wordpress, and talk like this just pisses me off. Feel free to pontificate all you want about the future of blogging. I'll do so as well:

* Wordpress will be around for much longer than you think, just like built-by-hand "homepages" are still around today.

* Twitter has not killed blogging, RSS feeds, email, or anything else.

* Proofreading will continue to be a skill that serves all bloggers, twitterers, and writers in general.

(comment deleted)