On Thu, May 12, 2016 at 3:41 PM, T Paris <[email protected]> wrote: > If we didn't need access to any WMF databases and could even IP blacklist > the instance's IP, would that alleviate some concerns? Also, would the > auto-update feature help?
The problem is more of serving your readers malware / accidentally becoming part of a botnet. The auto-update definitely helps but isn't enough, IMO - there's no cleanup afterwards that it does, you only need to be infected once for you to be compromised forever, etc. Wordpress is amazingly awesome and I reccomend it to everyone who wants to publish things on the web, I just want y'all to be also aware that it does require constant sysadmin help/lookout to keep it secure. Good luck! <3 Signpost :) -- Yuvi Panda T http://yuvi.in/blog _______________________________________________ Labs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/labs-l
