I would like to interview Christoff about this question. He told me there was more in the story, but now he can’t say more than in the release post. But that’s what he told me. The
To be honest, the biggest problem with safety work is that people want to know all the answers immediately. Although I understand it, the overall point of security is that we have limited content and time to say at first. The answer was disappointing. The description of the change is limited, and there is no advance warning that the change will come. Create your own content management system. In fact, in order to improve PHP development technology and extension knowledge, I taught myself how to use symfny components. That is to say, in some use cases, symfny prefers to use the front-end router than WordPress, but in fact, symfny does not use its own content management system for purposes other than the test server. The
If you know that a team is working to find and modify strange situations that can be used to maliciously use WordPress, you can sleep at night. That’s why I use the word printer. I just don’t want that responsibility. Choosing WordPress as the content management system can outsource most security issues for free. Do you trust them? Of course, if the site has problems due to security updates, it will be depressing, but it is better than the alternative. The lack of communication on security changes is due to the openness and sharp contrast found in the rest of WordPress development, but it must be so. The
If you can’t trust the people who make these decisions in secret, you should disable WordPress. Security issues must be kept confidential. With this in mind, you should trust the WordPress security team to perform the tasks required to ensure WordPress security and safety. If you are not satisfied with the changes to the shortcut code API, you can undo them from the site. It is strongly recommended not to do so, but it can be done. It’s easy to get angry when you don’t know the WordPress security team and are negatively affected by their behavior. WordPress 4.2.3 is not because of the change of shortcut code, but because of the \
Trust in secrets is difficult, but sometimes necessary. WordPress prides itself on openness. Most decisions are made openly in free time, at the core track or at community meetings. Security issues cannot be addressed in this way. They can’t. I was disappointed when security changes were made and had a real impact on end users. In other words, you have no reason to think that these decisions are unwise. The WordPress security team has the best intentions. We have never seen other proposals. For this reason, we not only owe them our trust and suspicion, but also thank them for keeping our website safe.
