Vulnerabilities in WordPress Blogging brings up some interesting questions that aren’t totally related to blogging.


On September 5, the developers at WordPress pushed out a security update.  Apparently there is a worm going around that’s hacking into WordPress blogs and altering their perma-links to install malware and creating hidden user accounts.  From what I’m reading, there are a lot of people who aren’t upgrading to the latest (protected) version 3.8.4.

In normal circles, when the developers release an update for their software, the users update almost immediately.  In this case, some people are one, two or even more versions behind the latest update.  Why?  And why does this relate to non-blogging issues?

The reason the bloggers are behind is that they are afraid the updates will break the plug-ins on their blog.  This is roughly the same argument as “I won’t upgrade Firefox, because my add-ons may not work afterwards.”  Now, I understand that the add-ons only “break” if you upgrade from version to version (for example Firefox v2 to v3).  But the argument is the same and the reasoning is equally flawed.

WordPress users may have a good argument in that they’ll have to do a little extra work to upgrade.  Meaning they will have to find out if the plug-in is updated, and either install the update or disable the plug-in.  And it may have an effect on some part of their blog that they depend on.  Regardless of this, it’s not a valid argument.

If your plug-ins are such that you absolutely can’t live without them, chances are that within a few days of the upgrade, the developer will have released a compatible update.  And if not, then you should look for plug-ins that perform the same functions and are updated regularly.  Also, in the grand scheme of things (the “big picture” if you will), which is more time-consuming? 

1.  Disabling a few plug-ins and either updating them or installing new ones to replace them

2.  Exporting all of your content to an XML file, uninstalling WordPress completely (and cleaning up the server so there are no traces of it left), reinstalling the latest version of WordPress, and finally importing all of your content back in (after you’ve reconfigured your database, users, themes, and plug-ins).

As it stands right now, if you haven’t been hacked or caught by the worm, Option 1 is the option you really need to do.  If you’ve already been hacked, or you wait until your “plug-ins” work, you’ll have to do Option 2.

I’m lucky in two senses.  I’m on Blogger, which doesn’t use WordPress.  And my sister blog is hosted on wordpress.com, which was updated almost immediately.  I am looking at hosting on a WordPress-capable site.  So, how the updating is handled will be one major consideration that I have.

So, if you’re reading this and have a blog that’s hosted somewhere OTHER than wordpress.com (and uses WordPress), I strongly encourage you to update it immediately (if you haven’t already).  And I would like to know your opinion on the updates.  Are you upgrading?  If not, why are you waiting?

Have a great day everyone (and Happy Labor Day to everyone in the US) 🙂

Patrick.


3 thoughts on “Vulnerabilities in WordPress Blogging brings up some interesting questions that aren’t totally related to blogging.”

  • PatsComputerServices

    Thanks for stopping by. While I haven't used WordPress very much yet, I understand people's concern with the add-ons and plugins. It's the same thing with Firefox when they update.

    The nice thing is, the really good plugins will get updated fairly quickly, I'm sure. So, if any of yours broke, they'll be fixed soon enough.

    Have a great day:)
    Patrick.