The WordPress security team's biggest battle is not against hackers but against the users of the platform themselves.
Millions of them continue to run websites on older versions of the WordPress CMS, which often fail to protect the core, plugins and themes from attacks.
Speaking at the DerbyCon cyber security conference earlier this month, Aaron Campbell of the WordPress Security Team gave the public a picture of how WordPress has been dealing with this issue in recent years.
He described this process as a shift in focus: the WordPress team decided that, instead of keeping the software safe with bug fixes, it would focus on maintaining user security through both its software and its actions.
"The first thing we learned was that users are more important than software," Campbell told the audience.
The main issue is that millions of users are still using older versions of WordPress for their pages. Older versions are technically secure, but they face more risks than the most recent versions.
So after much internal discussion, the WordPress team decided to support these older versions because many users still use them. The decision also has its drawbacks, as installations with five-year-old security gaps would have to be supported.
As a security team this is very difficult (the backport patching process).
We are trying to find ways to upgrade these versions automatically without spoiling the web pages, trying to effectively get rid of them from the internet.
One of the methods the WordPress team uses is automatic updates, through a mechanism released with WordPress 3.7 in 2013.
Automatic updates are enabled by default for all new installations, and appear to help keep installations on recent releases.
The WordPress team also created a notice that appears on the WordPress control panel when users use older versions of PHP.
Campbell also mentioned that the WordPress team works with the developers of the most popular plugins, and this has yielded great results, as smaller plugins have started to follow (or steal) the coding techniques used by the larger projects.
So indirectly security has increased in almost all plugins.