STOP updating Wordpress and concentrate on security

**Shenron** · 13 April, 2011, 20:57 PM

Really, this is getting on my nerves...

The fact that WP is free doesn't justify that their team keeps updating the software over and over with bullshit features and keeps ignoring the fact that they need to perform some decent testing on many major security issues.

Security�Incident — Blog — WordPress.com

**iowadawg** · 13 April, 2011, 21:20 PM

Well, all I can say is, don't use wordpress.
LOL

But he does make a point on usernames and passwords.
And to add what he said.
The default when you install wp via cpanel for the database is always wrdp1 and the user is always wrdp1.
Wonder how many people do not take the time to rename the database and user?

**Shenron** · 13 April, 2011, 21:29 PM

And who the hell created those defaults? Ah yes, the WP team...

I do care about usernames, passwords, etc, in fact I'm a security maniac, anyhow I still think they're providing a terrible service to the community as they keep updating their software with crappy stuff instead of consolidating what they have, specially security wise.

**Hellas** · 14 April, 2011, 15:44 PM

These plugins and/or options should be integrated with the Wordpress.

Limit Login Attempts

Disable Password Reset

Bulletproof Security

**Andy101** · 14 April, 2011, 16:57 PM

Since WP is open source with an active hive (ha ha tying to coin a phrase) of contributors, I suspect that it will forever be updated along with all the plugins, and to a lesser extent, the themes.

**Aziz** · 15 April, 2011, 10:05 AM

I totally agree with you. my website was hacked a couple of times (tho nothing critical) I managed to restore everything and block access to wp-admin
now I have to reconsider using something else

**Andy101** · 15 April, 2011, 12:08 PM

I'm using concrete5 CMS for non-blog sites. This is not regularly updated (because it doesn't need to be), and all the plugins and themes get scrutinized by the developers before being listed in the market place.

**TopDogger** · 15 April, 2011, 12:18 PM

Originally Posted by Shenron

The fact that WP is free doesn't justify that their team keeps updating the software over and over with bullshit features and keeps ignoring the fact that they need to perform some decent testing on many major security issues.

I've met several of the WordPress developers through Word Camp. Based upon my experience, these guys are not security people. Most of the security fixes that they add to updates come from reports from contributors outside of their circle. Yeah, they are way too focused on adding bells and whistles that users really do not need. My impression is that they are constantly striving to push the limits of their programming skills. For the most part, they have done a good job with that and we can't complain about the price.

Most of the updates in recent years have included numerous security fixes. WordPress security is a lot tighter than it once was, but when you are dealing with open source code any really good hacker can find some way to break in.

If you adhere to good security "best practices" to harden your sites, you will probably never have a problem. I have several WP blogs and have never had anyone break into any of them. If you have you have a VPS or dedicated server, a firewall is something that is absolutely necessary. You can use the best security practices in the world with your web site, but if the server security is lax, it won't protect your sites.