[sf-lug] Dreamhost.com, BALUG.org, BerkeleyLUG.com, WordPress, ... (was: Re: wish? to sole? operator/hoster of majority of ... (was: Re: spam vs. anti-spam(2)))

[Rick Moen]

Quoting Michael Paoli (Michael.Paoli at cal.berkeley.edu):

> And ... not /that/ hard to run a WordPress site, either.
> BerkeleyLUG.com is a WordPress site.  Used to be on WordPress.com and
> we migrated to self-hosted.  Not exactly (super-)trivial, but far from
> rocket science.

WordPress security holes, when they arise, tend to be particularly
severe and quickly exploitable (as it has all the problems of PHP
generally, plus it's just a massive pile of overfeatured, developed PHP
spaghetti code).  Therefore, remediation must be reliable and quick, or 
you are likely to get pwned.  There's a big customer base who are just
not prepared to handle that.  _Moreover_, the real-world problem is not
just that of security problems originating in WordPress itself, but also
in dozens and dozens of popular external add-ons and themes, that are
part of the greater WordPress ecosystem.

At least as far as I'm aware (with the necessary disclaimer that I stay
far away from running WordPress, myself), that is why there is a thriving
specialty market of WordPress-focussed hosting providers -- because they 
provide (or at least promise) a quick-response maintenance umbrella for 
both the WordPress engine and a sizeable fraction of the popular
extensions and themes.