Gregg
Forum Replies Created
Forum: Requests and Feedback
In reply to: Security Review Process
It’s not about proving WordPress is secure. The issue is a public perception.
Imagine a website developer selling a site based on WordPress to a client. It could just as easily be anyone thinking about using WordPress. The client may have heard rumors that WordPress isn’t secure and challenges the developer to prove it is secure. The developer has to do what I’ve been doing – piece together the evidence.
It would be much easier if there was a single page, under the WordPress.org site, to go to answer the question clearly and concisely. Highlight the existence of a security team, their objectives, the work they do proactively and reactively. No need to mention names or specifics.
Forum: Requests and Feedback
In reply to: Security Review Process
>> In what way?
It could be as simple as a one pager that acknowledges there IS a security team, its objectives, and the general process it uses proactively as well as reactively. I know this may seem silly and redundant but users like convenient, easy to understand packages of information. That they have to visit several pages to get the answers isn’t working and leads to misunderstanding.
Forum: Requests and Feedback
In reply to: Security Review Process
Right. We’re talking about perception here – the perception of insecurity that could be significantly reduced if not erased by including more visibility of the security team itself.
Forum: Requests and Feedback
In reply to: Security Review Process
Ah, thank you WPyogi. So there is a team. Perhaps they prefer to lay low.
Forum: Fixing WordPress
In reply to: New Website, DNS propagated, but unaccesible
I’d go back to GoDaddy because the domain name is clearly not resolving properly.
Forum: Requests and Feedback
In reply to: Security Review Process
In thinking about how to articulate this better I think the issue is a matter of perception and public awareness.
Coders care and they can read through the development blog posts – if they care to. Joe & Sue Public aren’t going to and even if they did, wouldn’t understand 99% of it. What WordPress is missing is a few confidence builders – akin to the “Protected by Verisign” logos on eCommerce sites. Something that clearly indicates the WordPress team has an organized approach to security.
Example: Joomla – http://www.joomla.org/announcements/general-news/5205-the-new-joomla-security-strike-team-attacks.html
Example: Drupal – https://drupal.org/security-team
That the Joomla and Drupal communities have organized clear security teams with clear objectives has a powerful impact on public and community perception/confidence – even if it’s no different than what the WordPress community has. It’s just that they packaged it into an easy to understand black box, with a clear label and outcomes.
Again, please don’t get me wrong. I’m not questioning if WordPress is secure or not. I’m trying to help erase the myth that it’s not.
Forum: Requests and Feedback
In reply to: Security Review Process
Jan,
I’m sorry but I wasn’t clear enough. By lack of transparency I meant with the security review process and if there’s a dedicated security team. I can’t find a clear indication of either. It would help with the credibility of the claim that WordPress is secure if there’s a clear protocol for testing, reviewing, and resolving security issues by a dedicated team. I have visited the developers blog. I see sections for the Core, Community, Themes, etc but not Security. Which also leads people to the question of why not?
I assume there is some form of review process – the FAQs and resources you list (which I have read through) all indicate there is (plus I know issues DO get resolved) but there’s no indication of what happens when an issue is discovered. I’m in agreement with not posting the details of a security vulnerability and that’s not what this is about. I’m trying to uncover how the WordPress team approaches security.
Forum: Fixing WordPress
In reply to: Line of code appearing at top of Homepage text
Looks like broken HTML code. Something before this wasn’t closed or has a syntax error causing the browser to spit this out because it can’t process it.
Forum: Fixing WordPress
In reply to: Auto updates failing
Forum: Fixing WordPress
In reply to: Map subdomain to specific page
Yes it is possible but the particulars depend upon your host’s setup. Most likely you can do this through your control panel (cPanel, Plesk, or ?)
Forum: Fixing WordPress
In reply to: Auto updates failing
Did you check permissions?
Forum: Fixing WordPress
In reply to: Error uploading photos
Are you uploading to the Media library or using a plugin like NextGen?
Forum: Requests and Feedback
In reply to: Security Review Process
Thanks for the reply Jan. That’s a helpful post. Do you know of a formal review process for security issues/exploits in place? It’s all well and fine to say it’s secure but part of the issue is a lack of transparency about what WP does to review its code and ensure the core is tight and secure.
Forum: Fixing WordPress
In reply to: Body background
Change:
background: #fff;
to
background-color: #fff;
I don’t understand #2. The page has a footer that I can see.
Forum: Fixing WordPress
In reply to: Columns that look good on PC and smartphone
Use a mobile CSS that forces the columns to line up the way you want when the page is viewed with a mobile device. The columns could be divs with a float:left. As the screen width gets smaller, the div furthest to the right will wrap under the others.