WordPress 3.0.2, the first mandatory security update in quite a while, was released not too long ago. The update patched an exploit which allowed Author-level users to gain access to the site well above their user level, but the real story here is the overall efficiency of the volunteer developers.
With a team of unpaid volunteers keeping WordPress in tip-top shape, you might be surprised to hear that this particular update went from initial disclosure of the exploit to final release in no more than four hours! That particular time frame is almost unheard of, even amongst commercial projects.
To further sweeten the pot, the VaultPress team automatically pushed a hotfix the next day to all VaultPress-enabled blogs, ensuring that all VaultPress users were protected from the exploit, even if they had not had a chance to apply the 3.0.2 update.
With such an efficient team of volunteer developers, and an easy-to-use automated update system that’ll have you on the latest version in a matter of seconds, WordPress security exploits may start to become less of a concern for a community of millions of avid bloggers.
Also worth mentioning, Dreamhost had updated all their 1-click installer & updater within an hour with the latest version. Shared hosting providers should take note.
While it’s definitely a nice evolution to move to the point where the security updates are of less and less concern, let’s just hope that sort of attitude doesn’t spread to the cracker jack community of volunteers that save our bacon like they do!
But still there is no guarantee that everything will be immune from the various ghosts attack vandal or conflict between plugins.
Thanks to all of those WordPress developers that work hard to keep us safe.
Roy.
Somehow I always ignore new WordPress versions, it’s a real bad habit of mine. I should really take an hour of my time to update all my WordPress sites, I do not want to get hacked and lose all my hard work.
I do the same. I don’t trust automated upgrade, and I didn’t even hear of 3.0.2 yet and 3.0.3 is out.
I’m gonna wait for 3.0.4 and do it once, then wait for 3.1.3