WordPress and Security

There’s been some push-back from the community about security problems in WordPress. There were some exploits written recently that took advantage of holes in older versions of WordPress. Matt Mullenweg has weighed in on how to keep WordPress secure. His basic advice? Upgrade.

As a long-time Movable Type user who recently switched to WordPress, I was already aware of the various security challenges that WordPress has faced over the years. But it seemed to me that the WordPress developers were responsive and quick to release security updates. Movable Type rarely had updates and was generally secure. That fact alone isn’t material, but I’ve noticed that my behavior with Movable Type bodes well for using WordPress successfully. That is, when I was using Movable Type, I upgraded whenever they released a new version. Sometimes it would be the same day as the release. So when security updates were released, I was on top of that. WordPress makes it even easier by announcing all their updates in the administration screen. Movable Type has announcements for some updates but definitely not all.

So if the solution to keeping WordPress secure is to update frequently and quickly, that seems like a no-brainer for me, since I’m one to do that regardless. And while it wasn’t always crucial with Movable Type, it appears to be a crucial step with WordPress. That is, it’s even more incentive to upgrade.

One of the things I’m liking right away about WordPress is the active developer community. There appears to be a lot of activity going on with plugins and with the main application itself. Of course, I’m starting with 2.8.4, so I’ll have to see how to optimize the upgrade path. With Movable Type, I had established a simple methodology for doing clean upgrades each and every time, and it’ll be interesting to see if WordPress allows for reasonably clean upgrades.