Yes, but how does Matt really feel?

It reads a little like a rant, but you really can’t blame him.

I’m not even going to link any of the articles because they have so many inaccuracies you become stupider by reading them.

If you’re a web host and you turn a bad file permissions story into a WordPress story, you’re doing something wrong.

via WordPress › Blog » Secure File Permissions Matter.

It’s not rocket science and the real problem is explained in detail elsewhere but can be summarized as “It’s the hosting company, Stupid!”

Which leads me to a posting on another blog. Partial blame is leveled “At WordPress for requiring that the database credentials be stored in clear-text. At WordPress again for not installing itself securely by default.”

The ignorance continues with “I also have to agree with Network Solutions that this problem can happen at any shared host site. Not only for WordPress, but for any CMS out there that store the passwords in clear-text.”

That’s just a stupid thing to say. If you are going to make a statement like that, then you need to back it up with “WordPress should have followed example X for how to store that data securely”. It sure is good to call out from the cheap seats and that’s all that blogger is doing.

The impacted users are on a shared server that’s not setup properly. Users get a pass because, well, they’re users. It’s not really the users responsibility to understand how their self hosted blog works and prevent these compromises from making the neighborhood look bad.

Network Solutions loses any credibility because instead of just saying “Yeah, we screwed up and we’re fixing it” they played the ignorant blame-the-software approach. Network Solutions is not a flash in the pan company and should hire someone who can help them overcome Web Hosting 101 issues.