1. Write horribly insecure free/open source blog software. Become massively popular.
2. Wait for people's blogs to start getting hacked. Users then realize they can't / don't want to keep up with the alarmingly frequent vulnerabilities / patches, and turn to wordpress.com to handle hosting.
I'm not sure the tone is appropriate. This happens at every layer of the stack. Entire ecosystems evolve around hosting software systems from laying the wires between cities to comment hosting services. Really, who better to maintain it than the people who built it?
If you were an Oracle database customer, wouldn't you outsource your Oracle database management to Oracle before you'd outsource it to Microsoft?
For the last couple of years, you can just click an "Upgrade" link in your admin and it just upgrades itself painlessly. It also lets you know in the admin Dashboard when there's a new version out to upgrade to. Honestly it seems like they've gone out of their way to make it easy for self hosted users (like myself) to keep current.
If you're willing to allow FTP connections and create an account for WordPress to fix itself, sure. But I'm not willing to support FTP, and I'm also not trusting that WP can't be hacked in a manner that will either then cough up my FTP details or download a hacker's copy of WP.
You can upgrade WordPress automatically now without using FTP. It means that PHP has to execute with write permissions to the files involved however. Exacerbating this security risk, a lot of people run mod_php which means PHP executes as the apache user, thus giving write permissions to every other website on that server. They'll either chmod 777 or chown www-data (or apache) the wordpress folder/files.
I personally use FastCGI+SUExec to ensure that WordPress' PHP code executes under a specific user account other than Apache's. It does not address the possibility of WordPress code itself somehow being hacked, but it does provide some sort of sandbox protection to the site.
I'm not thrilled with WordPress' past security track record, but I think they have made it so easy to use that a lot of users simply throw the scripts up on a shared server without knowing exactly what they're doing so far as server configuration goes. I wonder how many WordPress blogs are exploited because of a stupid permission setup?
If it's asking for FTP details, the problem is that Apache does not have write permissions to the files. The UX is pretty bad in that it doesn't let you know that it doesn't have write permissions, it just ignores that fact and presents the FTP details.
Here's where a lot of the security problems arise. As I mentioned, a lot of people are on a shared host and using mod_php. The only way they can make their files writable is to somehow give Apache write access to them. That opens up the possibility for other sites on the shared server to execute PHP that also writes to these files.
If you're stuck in this position, I'd recommend as a hack/workaround, to temporarily chown the files to www-data/apache. Perform the upgrade, then change ownership of the files back.
Ideally, if you're setting up your own server, I'd recommend FastCGI/SUExec:
You have much finer-grained control over how your PHP can execute. Alternatively, although I have no experience with it, you could try suphp to achieve a similar effect but by sticking with mod_php.
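As an added example (not code from the thread or from WordPress itself), here is a POSIX shell audit for the two shortcuts discussed above, chmod 777 and chown www-data/apache, together with the suEXEC-style ownership layout that avoids them. It assumes the httpd account is named www-data and runs against a constructed fake install so it works offline:

```shell
#!/bin/sh
# Added example, not code from the thread or from WordPress: audit a
# WordPress tree for the shortcuts the comments above warn about,
# chmod 777 (world-writable) and chown www-data/apache (owned by the
# httpd account). On a shared mod_php host either one lets PHP from
# any other site on the box rewrite your install.

# Flag every file/dir under $1 that is world-writable or owned by $2
# (the account httpd runs as, e.g. www-data or apache). One line each.
audit_wp_perms() {
    dir="$1"; web_user="$2"
    find "$dir" \( -type f -o -type d \) | while IFS= read -r f; do
        mode=$(ls -ld "$f" | cut -c1-10)        # e.g. -rw-rw-rw-
        owner=$(ls -ld "$f" | awk '{print $3}')
        case "$mode" in
            ????????w?) echo "WORLD-WRITABLE  $mode $f" ;;
        esac
        if [ "$owner" = "$web_user" ]; then
            echo "OWNED-BY-HTTPD  $owner $f"
        fi
    done
}

# Print the suEXEC-style layout the thread recommends: the site's own
# account ($1) owns the install ($2); PHP runs as that account via
# FastCGI+suEXEC, so nothing needs to be writable by www-data.
print_fix() {
    printf 'chown -R %s:%s %s\n' "$1" "$1" "$2"
    printf 'find %s -type d -exec chmod 755 {} +\n' "$2"
    printf 'find %s -type f -exec chmod 644 {} +\n' "$2"
}

# Constructed fixture (a minimal fake install) so the audit runs offline.
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/uploads" "$d/wp-admin"
    printf '<?php\n' > "$d/index.php"
    printf '<?php\n' > "$d/wp-admin/index.php"
    printf '<?php\n' > "$d/wp-config.php"
    chmod 755 "$d" "$d/wp-content" "$d/wp-admin"
    chmod 644 "$d/index.php" "$d/wp-admin/index.php"
    chmod 777 "$d/wp-content/uploads"   # the usual "just make uploads writable"
    chmod 666 "$d/wp-config.php"        # same shortcut on the file holding DB creds
    echo "$d"
}

demo=$(make_fixture)
audit_wp_perms "$demo" www-data        # reports uploads/ and wp-config.php
rm -rf "$demo"
```

Point it at a real install with `audit_wp_perms /var/www/example www-data` (path and user are placeholders); an empty report means neither shortcut is in use.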
You could just run it from SVN and periodically go in and upgrade.
I host and keep 6 blogs up to date like this for friends and together with things like mod_security I've never had a problem with spam or being hacked.
I realise this is just anecdotal and isolated, but an upgrade doesn't get much simpler than "svn up".
I know people that use a similar approach (albeit with git). Comments are hosted on Disqus so the entire site is essentially read-only. WPSuperCache is used on a staging server and the actual public-facing website serves up static pages that have been git pulled from the cache. The Apache process on the public-facing server only has read permissions to the public site files.
No you don't. It upgrades in place by pulling down files and updating itself. And you don't need to let it write to your whole webroot, just to the wordpress install directory.
WordPress didn't just magically "Become massively popular", it got so because it served many people's needs (there were plenty of alternative free/OSS blogging engines all along). Its developers put in thousands of hours' unpaid work before monetizing became a possibility.
Providing supported/hosted services based on an open source solution, while continuing to release your work as open source, is about as noble as a business model can be, IMHO.
Did you even bother to read that? That's almost all from 2-3 years ago. The only recent stuff is the list from Secunia, which for 2009 is all marked as patched:
And that only illustrates the broader point here: WordPress is open source and incredibly widely used, so typically vulnerabilities are found and patched pretty fast. For 99.9% of people, there's not really a better alternative.
Wow, I can tell this is a touchy subject for you. I'm not claiming that I know of any unknown security flaws, I was simply proving to you that there have historically been quite a few critical security flaws. Are you claiming that the current version of WordPress has somehow transcended its track record of critical vulnerabilities, and surely, this one will be the one for the ages?
I don't know of any current zero-day exploits in Windows either... Does that logically mean that Windows is a rock-solid platform?
Also, there are no better alternatives to WordPress? A hundred startups and blog platforms would disagree! There certainly are quite a few more secure alternatives. I personally use Bloggart on App Engine. :)
This article refers to holes in previous versions. Do you have reference to holes in the current one? If there are, wouldn't Wordpress.com be just as vulnerable?
For what it's worth, the vast majority of compromised sites we look at are because of host vulnerabilities or issues rather than something at the WordPress layer, which is pretty far up the stack.
An up-to-date WordPress, which is easier than ever using the built-in upgraders, is secure. There are more bad sysadmins in the world than people who can't click the upgrade button.
3. Profit!