"nothing should ever be done to inconvenience the user."
Having sites hacked due to an old version of PHP is an inconvenience.
Why not just tell everyone to chmod 777 the entire website too, just so they're not inconvenienced?
Tongue-in-cheek, of course, but there's a balance to be struck between convenience and security, and I think they're somewhat on the wrong side.
I was really mixed on the 'auto-update' WordPress core stuff. While I get it - it keeps some people up to date - it also means my system needs to be left in a state where software can be altered, and that means it can be maliciously altered too.
The "moving to a new version when they don't know the language" argument - I don't buy it. Almost everyone I know who has WordPress installed who is not a techie has a host that manages it, or presses a button on a control panel. Pressing another button, or having the host do some more stuff - neither of these are inconveniences that outweigh the security benefits - not just to that site owner, but the rest of the internet.
"Why not just tell everyone to chmod 777 the entire website"
I run a cron job on my hosting server that detects clients that have done that. I alert several a week regarding the state of their security. I'm nearly always told they followed some "Wordpress installation guide" they found online and won't be changing it.
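A sketch of the kind of scheduled check described in the comment above, as an added example that is not the commenter's script. It assumes a hypothetical layout of one directory per client under a base directory such as /var/www, and the script path in the crontab comment is likewise made up.

```shell
#!/usr/bin/env bash
# Added example: report hosting clients whose web roots contain
# world-writable files or directories (the result of "chmod 777").
# Assumed layout (hypothetical): one directory per client under a base
# directory, e.g. /var/www/<client>/.

# list_world_writable DIR
# Emit, NUL-separated, every regular file or directory under DIR that has
# the other-write bit set. Symlinks are skipped: their mode bits carry no
# meaning. NUL separation keeps odd filenames from skewing the count.
list_world_writable() {
    find "$1" -xdev \( -type f -o -type d \) -perm -0002 -print0 2>/dev/null
}

# scan_webroots BASE
# For each client directory under BASE, print "client<TAB>count" when at
# least one world-writable path is found. Returns 1 if any client was
# flagged and 0 if all are clean, so a cron wrapper can act on the status.
scan_webroots() {
    local base=$1 flagged=0 dir client count
    for dir in "$base"/*/; do
        [ -d "$dir" ] || continue
        client=$(basename "$dir")
        # Count NUL terminators, one per matching path.
        count=$(list_world_writable "$dir" | tr -dc '\0' | wc -c | tr -d ' ')
        if [ "$count" -gt 0 ]; then
            printf '%s\t%s\n' "$client" "$count"
            flagged=1
        fi
    done
    return "$flagged"
}

# Run only when a base directory is given, e.g. from a crontab entry
# (hypothetical path):
#   15 3 * * * /usr/local/sbin/scan-webroots.sh /var/www
if [ -n "${1:-}" ]; then
    scan_webroots "$1"
fi
```

The per-client count gives the host something concrete to put in the alert, and the exit status lets cron mail only when something was flagged.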