The biggest battle of the WordPress security team is not against hackers but against the platform's own users.
Millions of them continue to run websites on earlier versions of the WordPress CMS, which often fail to protect the core, plugins and themes from attacks.
Speaking at the DerbyCon cyber security conference earlier this month, Aaron Campbell of the WordPress Security Team gave the audience a picture of how WordPress has dealt with this issue in recent years.
He described this process as a shift in focus: the WordPress team decided that, instead of keeping the software secure by fixing bugs, it would focus on keeping users secure, through both the software and their actions.
"The first thing we learned was that users are more important than software," Campbell told the audience.
The main issue is that millions of users are still using older versions of WordPress for their pages. Older versions are technically secure, but they face more risks than the most recent versions.
So after long internal discussions, the WordPress team decided to support these earlier versions because many users still use them. The decision also has its drawbacks, as installations with five-year-old security holes have to be supported.
As a security team this is very difficult (the backport patching process).
We're trying to find ways to upgrade these versions automatically without breaking the sites, essentially trying to get them off the web.
One of the methods the WordPress team uses is automatic updates, via a mechanism released with WordPress 3.7 in 2013.
Automatic updates are enabled by default for all new installations, and appear to help keep installations on recent releases.
The WordPress team also created a notice that appears on the WordPress control panel when users use older versions of PHP.
Campbell also said that the WordPress team is working with the developers of the most popular plugins, and that this has produced great results, as smaller plugins have begun to follow (or steal) the coding techniques used by larger projects.
So indirectly security has increased in almost all plugins.