Monthly archives: September 2009
WordPress is like Windows: it's a huge target, so hackers are extra-motivated to exploit it. There has been a bunch of brouhaha over WordPress security over the last week or so. It started off a few weeks ago with a really easy URL hack to reset the Admin's password. That ballooned into a far nastier exploit allowing a new admin to be created who could totally hose a site. Matt Mullenweg does a little damage control here by essentially saying the best way to stay secure is to stay updated to the latest version. I wholeheartedly agree, and think that that step is just a part of a complete security breakfast (the upcoming book will have lots on security). I have probably nearly 20 WordPress sites I maintain and every single one of them was at 2.8.4. It's so trivially easy to upgrade, it's a no-brainer.
WordPress is a CMS. The whole idea is to manage content and make websites editable without having to wrangle code. Any theme can handle Posts and Pages, but what about those "smaller" areas? Little chunks of text placed around a design, like a small "about" section or the copy in the footer of a website. A lot of times this text is hard-baked right into the theme, which isn't a very friendly way to do things, as it can't be updated by average Joe user.