Earlier today the WordPress blog released an article titled “Secure File Permissions Matter” in an effort to debunk some of the blog posts out there accusing WordPress of having a pretty significant security vulnerability…
Summary: A web host had a crappy server configuration that allowed people on the same box to read each others’ configuration files, and some members of the “security” press have tried to turn this into a “WordPress vulnerability” story.
While every blogging platform / CMS has its own set of quirks, one thing I’ve never had bad luck with is security when it comes to WordPress. Now that doesn’t mean I haven’t seen malicious code within WordPress, but it has never been because WordPress had a security hole, and if there had been one, they’ve always addressed it with an update or a patch.
The post goes on to say:
A properly configured web server will not allow users to access the files of another user, regardless of file permissions. The web server is the responsibility of the hosting provider. The methods for doing this (suexec, et al) have been around for 5+ years.
and I would have to agree in saying that the times I’ve seen an install compromised were because of extremely loose FTP or server passwords, or some other issue.
In conclusion, I’d say WordPress is still a great blogging / small CMS platform to use & work with.
-Tim
