WordPress Is Still Secure, But Using The Latest Version Is Important

Someone has found a way to exploit a bug in older WordPress versions. The attack can be quite severe, and do permanent damages to your site. Lorelle has details of the attack and its symptoms. The best way to avoid this attack is to upgrade to the most recent version.

I received a couple of pings saying that WordPress is insecure and the community is irresponsible. By personal experience as a WordPress user and as a software developer, I think it is the exactly opposite. Some reasons:

  • This attack is on the older versions. The couple of recent releases are immune to this attack. Which means that this security hole has already been plugged.
  • It can happen with any software where security holes in older versions can be exploited. The recent case of Ruby On Rails is a good example. The alarming fact here is that there were significant number of installations with older versions.
  • Considering that it is important to stay updated with the latest version, WordPress makes it easy to upgrade with automatic upgrades and a reminder about the upgrade right on the dashboard.
  • Like many other open source projects, a lot of contributing members go through the WordPress code. This helps in proactively spotting bugs or security holes before the code gets released and in reacting quickly to avoid such attacks.

In spite of this, it is a fact that no software can be bug-free. There will be those who will keep looking at exploiting vulnerabilities. The best we can do, after releasing a version, is to have a way of tackling these attacks quickly and help those who are in panic. And I think WordPress has the most assured chance of doing this, because of its community and because it is open source.

Say your thought!

If you want to use HTML you can use these tags: <a>, <em>, <strong>, <abbr>, <code>, <blockquote>. Closing the tags will be appreciated as this site uses valid XHTML.



Abhijit Nadgouda
iface Consulting
+91 9819820312
My bookmarks


This is the weblog of Abhijit Nadgouda where he writes down his thoughts on software development and related topics. You are invited to subscribe to the feed to stay updated or check out more subscription options. Or you can choose to browse by one of the topics.