MUM's WordPress recipe blog USED AS ZOMBIE in DDoS attacks Tens of thousands of vulnerable WordPress sites have been co-opted into a server-based botnet being used to run DDoS attacks. More than 160,000 legitimate WordPress sites were abused to run a large HTTP-based (layer 7) distributed flood attack against a target, which called in cloud security firm Sucuri for help. Security …
I believe that the ability to auto update only came in with an update that was released relatively recently. I was updating manually and then I suddenly noticed that it was updating itself.
However, I don't think that the plugins auto-update.
I'm actually changing out from WordPress after one of my self-hosted WordPress blogs decided to destroy all the posts, and the WordPress support forum was like, "Meh!" and searches seem to hold many accouns of WordPress blogs just suddenly dropping all their posts. So ... I'm looking around for an alternative now.
""This is a prime example of how users aren't regularly performing updates to their websites, because if they were, we wouldn't still be seeing DDoS attacks being carried out by websites taking advantage of this old flaw,” Power added"
Well, perhaps these users have real lives and cannot be webmasters 8 hours a day. Perhaps they expect updates to be pushed like they are with windows.
Stupid expectation? Of course. But does it say anywhere on the wordpress box that a substantial effort must be made to read the alerts and keep the software current or your neat recipe blog will become like unto an neste of vypers? Or is that bad news buried in EULA land in annoying kilobolx of wordage?
Because, you know, ordinary people expect stuff to just work and work properly. It never does, but that's the human condition.
Just logging in once every 3 months and pressing the 'Update' button will do...you don't have to devote your life or gird your loins or anything.
Plus if you use Softalicious, you get an email notification when WP updates. I always use Softalicious for one of my personal sites for this reason.
My gripe is logging in and pressing "Update" does diddly squat for me as it then asks for a FTP/FTPS host.
I don't run FTP or FTPS on my host: I have SSH/SFTP/SCP for that. I have a heap of shell scripts that download, backup and unpack updates for each bit, but it's extra effort still, and so it doesn't get patched nearly as often as it should because of the above limitation.
This plugin, should be standard issue:
http://wordpress.org/plugins/ssh-sftp-updater-support/
This post has been deleted by its author
Nice try, but Wordpress doesn't ask you to run an FTP host, or ask you to point it to one. It does, however, like to use PHP's built-in FTP *CLIENT* to download files. I'm sorry that you don't want to be able to FTP *from* your servers to pull down files, but for most of us it isn't a problem.
"Just logging in once every 3 months and pressing the 'Update' button will do"
And here is the disconnect between computer knowledgeable people and the rest of the world made manifest.
In every single other aspect of life, the golden rule is "If it ain't broke, don't fix it". Since the breakage in question here is an abstruse thing not visible or even understandable to great swaths of the population, what on earth makes anyone think someone will press an "update" button?. Especially in these days of "never click on a link" anti hijack advice.
Seriously, do people really believe others don't update their windows home machines because they obstinately refuse to get with it? Does no-one 'get' the contradictory nature of the "lightweight" security advice being handed down from the mount?
The problem lies in broken software in every case. Failures of imagination in designers, failure of diligence in the programmers. Blaming the users is easy. Fixing the problem is too close to home. Hence the mess.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
