Over the weekend, Robert Scoble had a public (and well warranted) temper tantrum after his WordPress blog was hacked. Not surprisingly, the experience left him upset and digitally vulnerable. But what really disappointed Scoble was WordPress’ casual and, arguably, cavalier reaction: it could have been avoided if he had upgraded to version 2.8.4.
This led to a lively discussion on FriendFeed between Scoble and WordPress domo Matt Mullenweg.
Looking back, WordPress was technically correct in stating that blog users must be diligent by upgrading to avoid any security attacks. There’s a never-ending war going on between software makers and hackers, and software makers need to keep counter-attacking.
That said, WordPress dropped the ball by publicly “shrugging its shoulders” with the “you should have upgraded” message. When your blog has been hacked, the last thing you want to be told is you’ve done something wrong by not upgrading.
From a PR perspective that doesn’t help the situation or make anyone feel any better about things. Instead, many WordPress users wanted to be told what to do, how to fix things, and whether there was anything else they should be worried about such as rogue plug-ins.
If there are lessons to be learned, WordPress has to take a more proactive approach to Web security. If it’s not safe to use versions of WordPress that may only be a few weeks old, then WordPress has to really spread the word – and more than a short message on the WordPress dashboard.
As Elliott Ng suggests, WordPress also needs to create a directory or system that identifies what plug-ins are “safe and which ones are funky”.
Don’t get me wrong, I’m a big WordPress fan and user, and respect the work that Mullenweg has done to create and evangelize the technology. But WordPress needs to re-load on how it handles security, and how it deals with its millions of users from a communications and PR perspective.
(Note: This blog was hacked a couple of weeks ago, apparently by Black Hat SEO hackers. As you can imagine, it spooked me about the security of everything I do online, not just my WordPress blogs.)