Moderator
James Huff
(@macmanx)
Volunteer Moderator
There are no known security conflicts with the picture upload ability or the ability for users to leave comments. Please ask your hosting provider to check with us. All known security holes should have been plugged as of v1.5.1.2.
They may be getting this confused with allow_url_fopen(), which is a security hole and was used by pingbacks and trackbacks in v1.5. This was fixed and changed to cURL in v1.5.1.
Thanks for the quick reply, but how should they contact you? On the contact page, there is not an email address that I can give him for this type of question.
I thought that this might have been a problem caused by information lag and would like to use WP for my website.
Moderator
James Huff
(@macmanx)
Volunteer Moderator
Oops, sorry about not including that. Contact “m at wordpress dot org” .
P.S. You would be contacting Matt Mullenweg, the lead WordPress developer, not me (I’m just a volunteer).
I do not want to hear that I should change my web host because they are an amazing company that will bend over backwards for my site and it’s security.
By all means contact Matt.
But I would dispute the above quote. If your host has so little initiative that they would demean WP to you before first checking on updates to the software just doesn’t smell right to me.
Of course you’re in the best position to judge that.
macmanx – thanks for your response, I have passed the email on to my host.
Marc – without explaining the history of why I think that my web host is looking out for the best (not just for me but for their entire system of servers), I would rather have them respond to me with a negative than allow me to use something that MAY not be 100% safe and secure. I am not saying that WP is not safe and secure, but even some commercial products are not safe and secure (and thus not allowed to be used by my web host).
But, again, thanks for the quick response.
duke-thad: have you told Matt the name of your host ? He could then work with them to allay their concerns.
podz –
I have forwarded the information on to my web host and I am sure that they will follow-up. Also, I am in the UK and they are in Cali … so, it will be a later before they get the message.
I just wanted to add my 2cents. 😉
I was using Greymatter for a long time and that software does have huge gaping security holes. I had to delete and restart several blogs because once I got over 150 posts, when I updated the site in anyway, I’d get my account shut down because it was using to much CPU time, etc.
As an alternative, my host actually recommended WP to me. I think they even have one of those easy set up functions though I didn’t use it.
I certainly think that WP is far more stable, feature-rich, and secure than Greymatter so I wonder if your host has WP confused with some other types of journal-ware.
ipowerweb uses WP as its default blog, allowing novice uses to add a new blog with a file name and a push of a button. They took a long time to make this recent switch and apparently went through several months of testing before they made it a public option.
That’s my one cent.
I do wonder what your webhost does recommend. It seems that any choice has a measure of security concerns that a good webhost is able to deal with in a way besides banning products.
