Scriptwriter John August wrote recently on the recent WordPress attacks:
Over the weekend, there was a lot of uproar about a worm attack on WordPress installations that wrecked some notable blogs. Amid the sometimes-smug observations by the unaffected, I found one point that needs to be elevated to basic principle:
Most people shouldn’t be running their own blogging software.
When I last blogged about the security issue, I asked two questions: 1) what are the odds? and 2) should we be thinking about switching platforms? These two questions resulted in a number of replies – in Novelr’s comments, via Twitter; via email. But my 2nd question wasn’t what some of you thought it to be. I was asking, rather, if we should be thinking about building yet another CMS, when WordPress itself – a remarkably polished project, I must say – was compromised by a worm attack.
I’ll be posting a summary of the few features we’ve discussed soon, and hopefully also a couple of mockups of what a good fiction format should look like (my copy of Photoshop doesn’t seem to like Snow Leopard very much). But while the need and the feature set for a format is clear, the how-tos and the implementation is still far from obvious. Till they are, however, I’d like to know your thoughts on this security issue – how safe do you feel on WordPress? Would you consider switching? Or should you prefer a hosted service, like August suggests?