WP Tavern › Forums › Create Topic
Ted Clayton While many developers are not too keen on the possibility of WordPress someday adopting automatic updates for core, plugins, and themes by default, your average website owner would probably probably prefer it over would-be ISIS hackers exploiting the simplest of vulnerabilities to deface their websites. Although a forced update program will be able to reduce the prevalence of certain categories of vulnerabilities, old plugins and WP installs are a small part of the security picture. Firefox went this route, and we certainly hope its user-ship curves aren’t a harbinger of WordPress’ trajectory. Security is so many different things, it has to be an automatic points-deduction to hold forth that any update program will have much effect. The security of a perfectly updated cyber-world would be minimally distinguishable from today’s status. In view of these considerations, it seems the purpose of the update-push is not security (which it can’t promote overall), but about other goals which we think won’t be as acceptable as … helping address ISIS aggression. It will be interesting to see if the forensics can determine whether ISIS was involved, or whether it could have been some unrelated party. Personally, I’ve been an update-fan since the very days (and I recommend it to everybody). I check for updates the way we used to handle dairy cows and farm animals; feed & tend them first, then go have your own breakfast. Then I went in the military, and added their duty & morals ideas. ;) No, my concern isn’t that a high-handed update regime is going to deprive me of some intangible, or crash my little empire. No, my concern is that WordPress is seeking to alter its identity in ways that will make it less suitable for the roles that I value.
Ted Clayton
While many developers are not too keen on the possibility of WordPress someday adopting automatic updates for core, plugins, and themes by default, your average website owner would probably probably prefer it over would-be ISIS hackers exploiting the simplest of vulnerabilities to deface their websites.
Although a forced update program will be able to reduce the prevalence of certain categories of vulnerabilities, old plugins and WP installs are a small part of the security picture.
Firefox went this route, and we certainly hope its user-ship curves aren’t a harbinger of WordPress’ trajectory.
Security is so many different things, it has to be an automatic points-deduction to hold forth that any update program will have much effect. The security of a perfectly updated cyber-world would be minimally distinguishable from today’s status.
In view of these considerations, it seems the purpose of the update-push is not security (which it can’t promote overall), but about other goals which we think won’t be as acceptable as … helping address ISIS aggression.
It will be interesting to see if the forensics can determine whether ISIS was involved, or whether it could have been some unrelated party.
Personally, I’ve been an update-fan since the very days (and I recommend it to everybody). I check for updates the way we used to handle dairy cows and farm animals; feed & tend them first, then go have your own breakfast. Then I went in the military, and added their duty & morals ideas. ;)
No, my concern isn’t that a high-handed update regime is going to deprive me of some intangible, or crash my little empire. No, my concern is that WordPress is seeking to alter its identity in ways that will make it less suitable for the roles that I value.
Name *
Email *
Website:
Topic Title (Maximum Length: 80):
Forum: — No forum —AI and WordPress Articles Blocks Showcase Discussions Events Introductions Jobs and Working in WordPress Podcast Episodes Site and Block Editor
Enter your email address to subscribe to this blog and receive notifications of new posts by email.
Email Address
Submit
Enter the destination URL
Or link to existing content
