To try to set the record straight, WordPress.org (the open source project) doesn't host and websites apart from our own (WordPress.org, WordCamp.org, BuddyPress.org, etc). So people can't host with us. Also, while we do have some recommended hosts that have helped the community as well as put a lot of effort into making their WordPress hosting really exceptional, they were not the only hosts we worked with on this (or even the majority).
Additionally, the work with hosts and WAFs happened in parallel with the work on the patch. WordPress users are our priority and they exist at pretty much every host. The best way to secure them all is to get a patch out. Anything we can do to mitigate the risk between finding out and when that patch is ready, is really just a bonus :)
Saw this earlier today. That's rough. Obviously they had some problems with their architecture (backups shouldn’t be able to be deleted like that), but it's still pretty messed up. I hope they catch the guy. I won't help Code Spaces, but whoever it was deserves to be caught.
By default it only updates minor releases, which are only used to fix security issues and regressions. So it's only automating the the safest updates, and I think the good it will do by keeping sites secure outweighs the risk.
This is so true!
To try to set the record straight, WordPress.org (the open source project) doesn't host and websites apart from our own (WordPress.org, WordCamp.org, BuddyPress.org, etc). So people can't host with us. Also, while we do have some recommended hosts that have helped the community as well as put a lot of effort into making their WordPress hosting really exceptional, they were not the only hosts we worked with on this (or even the majority).
Additionally, the work with hosts and WAFs happened in parallel with the work on the patch. WordPress users are our priority and they exist at pretty much every host. The best way to secure them all is to get a patch out. Anything we can do to mitigate the risk between finding out and when that patch is ready, is really just a bonus :)