slavco
Nov 1, 2018 · 3 min read
Image grabbed from https://www.backpackertravel.org/ via Google Images :)

The WordPress world is facing an interesting point in its existence: the release of Gutenberg. Everyone involved in WordPress in any way knows that, in the near future, time in every WordPress-related discussion will be measured in pre-/after-Gutenberg terminology, due to the changes it will bring to us. This point in WordPress's existence has caused a lot of buzz. Many forks have been announced (only two are public: ClassicPress and CalmPress), the accessibility team lead resigned due to very strong personal & professional reasons, many plugin developers started to show their concerns regarding the future of their products… In the end, accessibility concerns and issues became the loudest in the WordPress world. There is a lot going on, but I must say that, from my point of view, many folks are abusing this movement in order to achieve something else…

Reason for writing this

It is simple: a few people from the WP security team started with their behavior, very well known to anyone who has ever submitted a vulnerability to WordPress, and finished with ranting and making fun of WordPress on social networks. It is really interesting to see someone who is really happy to criticize other people's work, to measure pixels, to simulate a first-time-on-the-keyboard experience, and to cover himself under the accessibility movement, while in his own area he practices censorship and ignorance and delays his responsibilities, directly exposing the complete ecosystem to a threat. You know, for someone to be able to experience accessibility issues in a system, that system must be working for him in the first place.

Edit: Today, 7th of November 2018, another hero caught my attention.

The interesting thing about all of those (anti-)Gutenberg write-ups is the following (they all seem to be written from some weird template):

  • they wrote the blog posts with Gutenberg
  • accessibility concerns are a must
  • and the main reasons for delaying the release date are bugs they faced

Good! Was WordPress bug-free until now? Even more, this guru says he has 10 developers involved in the story, but 10 days before the Gutenberg release he decided to go public and announce that it is crap… Well done :D :D :D
I don’t know if he has/sponsors some security team member, but if he were all in on accessibility and a bug-free WordPress, then we would have seen a lot of reactions in the past.

Insecure systems are not accessible at all

Here we need to ask the security team a few questions that are accessibility related!

  • How easily can those people handle a ban of their WordPress from shared hosting due to some silly DoS attack performed from a phone?
  • How easily can those people handle a data breach in their community, e-commerce, or media setups?
  • How easily will those people adapt to new software if their company decides to move to other solutions due to WP security issues?

There are many more questions and many, many more use cases, but the fact remains that, after a few years, the WordPress security team does almost nothing about any high / critical issue reported to them, not to mention the fact that all of the issues in the end finished published as 0days.

websec

Attack sources + web application security
