WordPress security
Well, I had a rather interesting experience recently. This WordPress install was compromised due to a security bug in the previous version I was using. This was the latest version that comes out with Ubuntu, but because this version comes from the Universe repository, the Ubuntu security team refused to release a patch to fix the bug, and the Ubuntu WordPress maintainer obviously wasn’t interested in releasing a new version.
So to all you Ubuntu users out there, be aware, Universe can and probably DOES contain remotely exploitable software that can lead to root compromises.
I have upgraded this system to the latest from WordPress, and reminded myself to subscribe to the announcement list in hopes of getting info about possible new security problems. If it gets compromised again, I’ll have to uninstall it completely and find something else.
Addendum: Please note that the failure here was in me in not checking on each and every piece of software available for Ubuntu, and the Ubuntu WordPress maintainer for showing indifference to a known in-the-wild remote exploit for the software. I don’t blame WordPress for the compromise, because as a software developer, it’s difficult to write secure software (note: difficult, not impossible).
