Techcrunch Says WordPress a Massive Security Risk

(The link to the article is lower in this post, to ensure the proper text appears in the Techcrunch trackback…)

Techcrunch yesterday featured an article by Nik Cubrilovic with the salacious title “WordPress Security Issues Lead To Mass Hacking. Is Your Blog Next?” – from that article:

Due to its popularity as a blogging platform, WordPress has become a prime target for hackers looking to take over blogs for search-engine optimization (SEO) of other sites they control, traffic-redirection and other purposes. Recently there have been a spate of automated attacks which take advantage of recently discovered security vulnerabilities in WordPress.

To date, WordPress has been keeping up with the security holes by releasing updates within a few days of new exploits being found, but in the past few days new exploits have appeared that nobody seems to have answers for.

Okay, that kind of talk gets my interest. Funny thing, when I was talking with the Automattic guys (who develop WordPress) yesterday, no mention was made of any new security vulnerabilities. So I had a look at the stuff he cites as “the past couple days” and the issues are all over a year old, affect out-of-date versions of the software, and are remedied in current releases.

So we have a situation in which one of two things is happening:

  • This is a “hit job” on Automattic by Techcrunch for reason or reasons unknown – if so, shame on you…
  • Or…there are vulnerabilities which Techcrunch did not identify so as to allow WordPress to come up with a fix.  If this is the case, I applaud their handling of the issue.

Either way, Techcrunch in general, and Nik Cubrilovic in particular, need to clarify the existence of new security holes, and they need to do it fast.