

WordPress is secure, until you combine it with people - smacktoward
http://jasonlefkowitz.net/2013/05/wordpress-is-secure-until-you-combine-it-with-people/

======
mooism2
His first proposal, that WordPress installs should update themselves, makes
sense.

His second proposal, that WordPress should show users a click-through warning
when installing themes and plugins, doesn't make sense. The experience from,
e.g., SSL errors in web browsers is that most people will just click through
and ignore the warning.

Instead of making it _difficult to install_ themes+plugins, make it _difficult
to write insecure_ themes+plugins.

