Oh look – someone is slagging WordPress because of security problems. He goes so far as to recommend a competitor, in this case, Moveable Type, which he promotes on his web site.
Should one take the time to read down to the last paragraph, one will discover that in order to have a secure Moveable Type (MT) installation, one must disable comments. His link to Moveable Type security notes mentions several additional security precautions one should take with Moveable Type to remain secure:
If you can turn off comments and search then you can effectively hide all traces of your Movable Type installation from the public eye and just use it as a convenient tool for generating static but easily-updateable pages. Most people won’t even know you’re running Movable Type. By putting your install in an out-of-the-way location, you can use security through obscurity (not always a bad thing) to protect you from any flaws that might be in the product. I use this technique on my personal weblog…
So then, in order to have a more secure blogging product, we do the following:
- convert to another platform, specifically MT;
- turn off MT comments;
- and while you’re at it, turn off your MT search function;
- don’t advertise the location of your MT install;
- move your MT install location to a more unintelligible URL.
I really don’t have any problem with it all, I just thought it was amusing that in order to recommend overcoming the security lapses of one product, one must use another product with its own security problems.
Yawn.
(Thanks to Photo Matt for the post. He’s the founding developer of WordPress.)