artnorm

2009-09-20 WordPress Security

Matt was spreading some words lately about WordPress security. His suggestion: keeping current. Not that bad an idea, but please keep in mind that there are other, even better suggestions as well, like: uninstall WordPress. Known security issues aren’t patched because no public exploit is currently “known” (those exploits really pay off for remote SEO, so there is actually no need to report them)[1], not to speak of the immense deficiencies in its architecture that prevent WordPress from being developed as a web application with security in mind.

So you can tend to say that using WordPress is insecure, and next to “stay current”, “keep your fingers off” is an equally good suggestion that will help you gain security.

If “code is poetry”, then even slam poetry is too nice a term for the disastrous way WordPress is coded. Just read the source and start puking. Nothing to add. For example, “escaping” data to prevent SQL injections, to name just one wound that Matt does not get fixed for months, if not years. Yes Matt, you as maintainer are responsible.

/rant off

[1] WordPress has reacted, and the current version now contains older security-related patches.
