What WordPress should Do ?

by Arun on 15. Sep, 2009 in wordpress

This post was deleted by admin because of its way of written leads to more harm than good.Sorry for the inconvience caused. Refer updated post for more info -> http://sparun.in/an-apology/

Popularity: 11% [?]

Tags:

Post Author

This post was written by Arun who has written 48 posts on S . P . A r u n . I n.

Arun Balasubramanian.S.P is a 25 yr old boy from India.He is working as a Civil Engineer.He loves WordPress, Windows and the Web itself.

13 Responses to “What WordPress should Do ?”

  1. Otto 15. Sep, 2009 at 8:49 PM #

    To answer your questions:

    1) Where the hell are you until now”?

    Answer: The latest security problem being exploited (or the one you’re pointing at anyway) was fixed 6 weeks ago. Where the hell were YOU? The automatic upgrade may not work for you, but the WordPress dashboard certainly INFORMED you of an available upgrade. The WordPress development news box on the dashboard also contained a “2.8.3 Security Release” message for weeks. 2.8.4 was a security upgrade as well (not the bug being exploited, however).

    2 ) is WordPress taken any single action against such host by contacting them to solve the problem for WordPress users ?

    I’m assuming you’re referring to the problems you have with the Automatic Upgrade. A list of hosts that are known to work with Automatic Upgrade is provided here: http://codex.wordpress.org/Core_Update_Host_Compatibility

    If your host is on the list of working ones, and you can’t get it to work, then have you tried asking for help in the WordPress Support Forums? A lot of people are there that can help, although I admit getting their attention is difficult. Too many questions, not enough people volunteering to help out.

    3. How can I delete/stop post revision in WordPress ?

    Well, if you don’t want to install a plugin, then you can’t. Cope with it.
    Simple plugins to do simple things like this are made specifically in order to survive upgrades. They tend to just work. Use them.

    • Travis Ballard 15. Sep, 2009 at 10:41 PM #

      otto, i love you. in a totally heterosexual way that is. there have been many security releases not just 2.8.3 and wordpress notifies you of each one. if you stayed updated, you would have nothing to worry about. updated software serves one of 2 purposes. 1) to fix security holes that were overlooked, and 2) to add more functionality and/or to improve upon existing functionality. these 2 reasons alone are enough to want to stay up to date with any of your software. not just wordpress.

      As for modifying the core files, it really is a bad idea. sure it may work, but when a new version is released to fix a security issue, you’re changes are null and void and will need to be redone with every upgrade. this can be a tedious process that many people simply do not want to participate in. if your core files are untouched, then there will likely be no issues with updating.

      As far as hosts that do not support wordpress’ one click upgrade then that is your fault. you can either pay the $5-$10/month for hosting that works like it should or you can sign up for a wordpress.com account where you dont have to worry about updating as they do it automatically for you. you have a choice here. you choose to stay with a host that is sub-par and while that is your decision, it certainly gives you no right to complain about it as there are plenty of other options out there that do work and work well.
      .-= Travis Ballard´s last blog ..Bored in Tallahassee? Volunteer at Alfred B. Maclay Gardens =-.

  2. Arun 15. Sep, 2009 at 10:29 PM #

    @Otto
    First of all, thanks Otto – for taken the time to comment in this post.
    I dont know,”whether You are misunderstanding my questions” or “i am not able to put it properly” (english is not my first language btw)
    1. I am NOT asking where you guys are AFTER the Hack attack and now. I am asking, where are you guys BEFORE this Hack attack ? Why not you guys talk about “security” and take it as serious as now BEFORE this hack attack ?
    2. Here i am asking about “whether wp take any measures to CONTACT the hosts , which are listed as NOT WORKING in that codex page”
    3. So you are saying that, you guys will add Everything to the wp core (which i dont want), which cannot be turned OFF from the admin backend and top of that, you are insisting to install another plugin to control that behavior. This is HIGHLY UNACCEPTABLE

  3. Brad 15. Sep, 2009 at 11:07 PM #

    You can easily turn off post revisions by defining the option in wp-config:

    http://codex.wordpress.org/Editing_wp-config.php#Post_Revisions

    Quick search on Google would tell you that. This is obviously a link bait post which features ridiculous claims.
    .-= Brad´s last blog ..Announcing WPClassroom.com: Online WordPress Training =-.

  4. Brad 15. Sep, 2009 at 11:10 PM #

    Also if you search “wordpress security” on Google my security presentation from WordCamp Montreal is at the top:

    http://www.slideshare.net/williamsba/wordpress-security-1709496

    Have you read this? Should WordPress print off a copy for every user and mail it to you?
    .-= Brad´s last blog ..Announcing WPClassroom.com: Online WordPress Training =-.

  5. BadCat 15. Sep, 2009 at 11:15 PM #

    2 small notes:

    1) “How can I delete/stop post revision in WordPress ?”
    Without a plugin? Well, perhaps one of these will work in your wp-config.php file?

    define(‘WP_POST_REVISIONS’, false );
    or…
    define(‘WP_POST_REVISIONS’, 3);

    there’s more on WordPress.org and another decent writeup here:
    http://www.optiniche.com/blog/422/autosave-post-revision-control/

    2) “Finally, Don’t forget to edit that stupid About page with your info after installing.”
    I believe you can eliminate the WP defaults (including the “About” page) with a custom installation. Yes – it’s altering the “core” – but you asked for a solution… :) It’s been around for a few years now. I found it on the WP forums.
    http://wpbits.wordpress.com/2007/08/10/automating-wordpress-customizations-the-installphp-way/

    And I think there’s even a way to bypass some of this and just drop the changes into your own functions.php.

    Sure, WP has it’s own issues/quirks – what doesn’t? But many of these issues have been addressed by the community. There’s a ton of info out there. Finding it is the fun part.

  6. Arun 16. Sep, 2009 at 12:36 AM #

    @Brad
    First of all, I KNOW, how to disable post revisions. O.K ?
    I just want the post revision feature SHOULD work as any other feature in wordpress.
    Do you think, Any other feature in wordpress like xmlrpc, keyboard shorcuts, privacy settings, additional blue theme are ON by DEFAULT ? No. So the users who dont want the above feature will do NOTHING and the one who wants them, turn them ON within ADMIN BACKEND. But the post revision feature is ON BY DEFAULT and it CANNOT be disabled via admin backend. On top of that you guys are telling users to mess with wp-config file ?(Even the above metioned codex page list this setting as advanced and not as default )
    what i ask for is, 1.Disable this settings by Default or 2. Add a admin backend option to disable it.
    A post can be considered as a linkbait post by many means and if you are saying about writing controversial posts, yep.. It is..
    What Ridiculous claims ? Every one i said is a valid claim and i can explain everything like this comment.
    Anyway thanks for the comment.

  7. Peter van der Does 16. Sep, 2009 at 12:37 AM #

    Quote:1. I am NOT asking where you guys are AFTER the Hack attack and now. I am asking, where are you guys BEFORE this Hack attack ? Why not you guys talk about “security” and take it as serious as now BEFORE this hack attack ?

    Why are the developers shouting of the rooftops to update, BECAUSE there is a bot out there trying to exploit it. Previously there never was a need to make a big fuss point releases.

    Just look at Microsoft, I believe it’s every week now, they release updates. And every now and then they send out a press report because the security fix demands more attention.

    2. Here i am asking about “whether wp take any measures to CONTACT the hosts , which are listed as NOT WORKING in that codex page”

    Why would WordPress do that? If you believe WordPress is the right blogging tool it’s up to you to find the right host. (you is not personally meant). If you buy a trailer it’s up to you to find the right car to pull that trailer. You can’t expect the trailer company to call Ferrari to make changes to their F50 because it can not pull the trailer.

    P.S. I am not a WordPress core developer nor am I working for Automattic
    .-= Peter van der Does´s last blog ..How to update your custom Ubuntu Jaunty kernel after a new kernel release – revised. =-.

  8. Arun 16. Sep, 2009 at 1:13 AM #

    @Brad
    There is no need for WP users to search for “WordPress security” BEFORE the recent hack.So they search for plugins and themes instead :)
    But that is not my question.My question is “The amount of AWARENESS created by Developers about “WP SECURITY” AFTER the hack attack is HIGH. Why they doesn’t create this much awarness about security FROM THE BEGINNING of WordPress ?
    And for the mail, if atleast the wordpress own handy mailing list for new release notification comes as expected, it is more than enough for me :)

  9. Arun 16. Sep, 2009 at 1:57 AM #

    @peter van der does
    this is what i am trying to CHANGE.
    EVERY SINGLE WordPress point release update is important security fix.You just doesnt know it, since there is no wordpress security talk (like now) WAS done because nobody tried to hack it before they fix the vulnerablity.

    REMEMBER :
    Just because, microsoft releasing an important security update for windows VISTA , it DOESN’T mean that i CAN’T live Hapily with windows XP

    2. If so, then why wordpress has a seperate page for hosting ? Why should wordpress do this then ?

    • Scott Kingsley Clark 16. Sep, 2009 at 5:04 AM #

      I’ll do my best to address my concerns with this post as legibly as possible so that you understand it.

      1. Don’t CAPITALIZE every other word to give context, we can read your words just fine. Capitalizing them makes you seem like you are yelling, or being very aggressive. Both of which, no one reacts well to.

      2. WordPress is, and has always been secure to the best of the developer team’s abilities. If a security vulnerability is found, the WordPress Core Dev team fixes it. So being afraid that WordPress isn’t taking security seriously doesn’t seem to make sense. They have had a long preexisting trend since the beginning in releasing updates and fixes for any security threat that was found.

      3. WordPress is infinitely customizable if you’ve got the right knowledge under your belt. You don’t need to go into the Core to change things, that’s what plugins are for. Why are you against using plugins? WordPress is constantly evolving, if the need for a feature to disable post revisions is necessary for the majority of the community, then it’s built in. For everything else, there’s the plugin realm of WordPress. You can do just about anything with a plugin, and that along with Theming, is what makes WordPress a solid choice for running a site on it.

      4. It’s not WordPress’ responsibility to chase down every host on the planet and get them to support WordPress auto upgrades. I guarantee you that there’s hundreds more hosts not listed here that already support WordPress automatic upgrades and they don’t even know it. There are already 93 hosts (and counting) that are listed on the WP.org site as confirmed. That list already includes all the big hosting companies here in the US (and across the world), so it’s up to the host (or hosting client) themselves to test for this and be listed here. Also, nothing is stopping you from simply uploading WP through FTP if you want to upgrade and are unable to use the Automatic Upgrade.

      5. Search Google for “wp-hackers” and you’ll find the mailing list that you can probably ask some more of your questions more directly than the forums.

      WordPress isn’t as flawed as you may think, you’ve just got to take the time to understand it and learn from the information out there. The same applies to many other complex content management systems, there are high barriers to entry for anyone who wants to do something but doesn’t know how. Trial and error is your best bet.
      .-= Scott Kingsley Clark´s last blog ..RT @rocketgenius: Gravity Form… =-.

  10. Peter van der Does 16. Sep, 2009 at 2:48 AM #

    XP still gets it’s updates until it’s no longer supported and a big security flaw is discovered in IE. XP relates to WordPress 1.x while Vista would WordPress 2.x . See 2.8 as Service Pack 8. I guess WordPress 3 would be Windows 7.

    Why they keep a list? So you can be informed to what hosting providers provide a reliable environment for WordPress. It’s not WordPress (a.k.a. Automattic) duty to change the hosting providers, I think it’s a good thing they do give you a list of providers that work with WordPress.It’s like Ferrari suggesting a high octane gas, not that lower octance won’t work but it could, according to Ferrari, lead to less performance.
    .-= Peter van der Does´s last blog ..How to update your custom Ubuntu Jaunty kernel after a new kernel release – revised. =-.

Trackbacks/Pingbacks

  1. An Apology | S . P . A r u n . I n - 16. Sep, 2009

    [...] yesterday, i write a post about What wordpress should do . I was attempting to make some points regarding WordPress , but obviously did so in a very poor [...]