There has been a lot of noise out there in the last week regarding the recent attacks against various high-profile WordPress blogs that were not updated. John Gruber over at Daring Fireball has jumped into the fray with some posts on the subject, including this new one titled “How Not to Get Your Blog Hacked”. He provides a link to the blog of Maciej Ceglowski, noting that one should not run their blog on a public server unless it’s a hosted solution such as LiveJournal or Blogger. Instead one should run a private WordPress install on their own server and then post a static version to a public server. This has to be one of the most ridiculous things I’ve read coming out over this hacking dust-up.
My own suggestion would be to find a competent hosting provider. The other option, often suggested by others, is to update your WordPress install to the latest copy. It’s even an automatic process now, for crying out loud. I’m not sure how the Scobles and the Ihnatkos out there can’t be bothered to keep things up to date for security reasons. These guys are technology pundits and they’re this lazy? Is there some reason I should listen to anything they say if they can’t even be bothered to worry about system security?