I know I’m probably a little late commenting on this, considering the size of the WordPress community, but for those of you that depend on my blog to keep you in the loop as to what’s going on, I’ve got to post this. A recent worm virus has been targeting older, outdated WP blogs. There’s been much buzz on the Internet about the “security measures” you should take to secure your install of WP.
I went right to the source, and decided to take Matt’s word for it. I wasn’t surprised to see that he had already addressed all the “alternate security measures” being thrown out all over the place.
There is only one real solution. The only thing that I can promise will keep your blog secure today and in the future is upgrading.
Overall, his summary is basically how I feel. Just update, it’s the best way to make sure that future manifestations of popular viruses have a hard time getting into your install. All the security scanning plugins I’ve tried have compatibility issues with the other plugins I run, rendering them useless… plus the load on the server is too much.
WordPress is a community of hundreds of people that read the code every day, audit it, update it, and care enough about keeping your blog safe that we do things like release updates weeks apart from each other even though it makes us look bad, because updating is going to keep your blog safe from the bad guys. I’m not clairvoyant and I can’t predict what schemes spammers, hackers, crackers, and tricksters will come up with in the future to harm your blog, but I do know for certain that as long as WordPress is around we’ll do everything in our power to make sure the software is safe. We’ve already made upgrading core and plugins a one-click procedure. If we find something broken, we’ll release a fix. Please upgrade, it’s the only way we can help each other.



