Throwing stones

Oh look – someone is slagging WordPress because of security problems. He goes so far as to recommend a competitor, in this case Movable Type, which he promotes on his web site.

Should one take the time to read down to the last paragraph, one will discover that in order to have a secure Movable Type (MT) installation, one must disable comments. His link to Movable Type security notes mentions several additional security precautions one should take with Movable Type to remain secure:

If you can turn off comments and search then you can effectively hide all traces of your Movable Type installation from the public eye and just use it as a convenient tool for generating static but easily-updateable pages. Most people won’t even know you’re running Movable Type. By putting your install in an out-of-the-way location, you can use security through obscurity (not always a bad thing) to protect you from any flaws that might be in the product. I use this technique on my personal weblog…

So then, in order to have a more secure blogging product, we do the following:

  • convert to another platform, specifically MT;
  • turn off MT comments;
  • and while you’re at it, turn off your MT search function;
  • don’t advertise the location of your MT install;
  • move your MT install location to a more unintelligible URL.

I really don’t have any problem with it all; I just thought it was amusing that in order to recommend overcoming the security lapses of one product, one must use another product with its own security problems.

Yawn.

(Thanks to Photo Matt for the post. He’s the founding developer of WordPress.)

3 thoughts on “Throwing stones”

  1. Actually they also recommend using Blogger. You know Blogger, right? The one where anyone can throw up a redirecting javascript or iframe.

    At least wp doesn’t have an issue with comments.

  2. seems to me it’d be better – or at least simpler, less stressful – to just go back to a hand-written journal if one has to practically lock visitors out of one’s blog in an attempt to maintain complete security. using any software on the net has its risks, and there are no absolute guarantees even when one follows the best ‘rules’.

    each to his own, but I’d rather just use something that offers the best balance among all pertinent factors and that still allows me some freedom & ease of use.