Are you familiar with the hypothesis ‘there’s safety in numbers’? It’s the idea that by being part of a large group, an individual is less likely to be the victim of a bad event. Well, when it comes to internet security, the WordPress community has definitely proven this concept to be true.
The robust community built around the open-source platform WordPress has cultivated a knowledgeable, caring, and secure environment.
On Wednesday at the WordPress San Francisco Meetup, Brennen Byrne (CEO and co-founder of Clef) addressed this idea head-on when he gave a presentation on how the WordPress community is building the web’s most secure platform, and what you can do to help.
There is security in community, Byrne emphasized. WordPress has created an infrastructure of care, where the community educates, interacts, and works together to improve WordPress as a platform. Byrne said,
“You fix it for one of us, you fix it for all of us.”
This year has definitely proven just how strong the WordPress community is. It’s been a big year for WordPress security. But through it all, WordPress—and the community—has stood strong, Byrne indicated. Byrne went on to say that he believed 2014 would be remembered as the year of WordPress security.
Take the Heartbleed Bug, for example: WordPress was able to react quickly because the ecosystem communicates, Byrne said. In fact, WordPress was one of the first communities to protect itself from the OpenSSL vulnerability.
Byrne went on to emphasize how the Jetpack bug was quickly identified and resolved—even before the announcement was made public. But, although the bug was fixed, Jetpack publicly disclosed the breach, and alerted the community regardless. It’s this type of transparency that enables a greater level of collaboration across the WordPress space. “It’s our ability to educate each other that helps protect us more and more,” Byrne said.
Awareness and transparency are fundamental for maintaining a healthy ecosystem. However, even though WordPress is equipped to handle security issues, Byrne went on to discuss some important things that you can do to make WordPress security even better.
First, protect yourself, but then pay it forward, Byrne suggested. Share what you’ve learned with the WordPress community. Byrne compared this to airplane safety: Put your own mask on before assisting others.
In addition, Byrne suggested that as a community we should push for better defaults. For example, automatic updates should be the default option, and turning them off should be the manual choice, not the other way around. Many security breaches happen through sites that haven’t been updated, so this is a critical point. Even if you turn off automatic updates, take responsibility for keeping your site up to date.
Byrne’s presentation shed a unique light on WordPress security. The more optimistic tone made his presentation more digestible; compare this to the dark, threatening tone that usually accompanies talks on internet security. Presenting security issues in a fun and friendly way (rather than relying on fear) can help us see them as an opportunity to work together (rather than a threat).
Do you think 2014 will be the year of WordPress security?
Marie Dodson is the assistant editor at Torque. She graduated from Cornell University with a degree in Biology and Society. She enjoys wine, good books, and travel.