WordPress.org

Support

Support » Requests and Feedback » signed one-click upgrades?

signed one-click upgrades?

  • A while ago, someone observed, on slashdot.org, “<i>If wordpress.org is hacked, again [wordpress.org], their one-click upgrade feature means instant ownage for all WordPress blogs everywhere.</i>”. Someone responded to that by saying this:

    Haven’t they ever heard of signed patches?

    Why can’t they make the one-click upgrade verify a GPG signature before performing the installation of the code contained in the upgrade file?

    My question is… why doesn’t WordPress do this? Here’s a class WordPress could use to do this:

    http://phpseclib.cvs.sourceforge.net/viewvc/*checkout*/phpseclib/phpseclib/Crypt/RSA.php

    The wordpress devs sign with their private (encrypted) key – a key that could only be obtained through having their own personal computer hacked – and wordpress then verifies that the release was signed with the private key with Crypt_RSA. To make it even harder for an attacker to get the private key secret sharing could be employed.

  • The topic ‘signed one-click upgrades?’ is closed to new replies.