I took some time off blogging as I wanted time for myself, but it never dawned on me that whilst I was enjoying my time, heavens fell on the Open Source WordPress once again, and it has invigorated the age-old debate on whether to put our trust in Open Source software.

WordPress exploits are not new, and most of them could do little or no harm beyond irritation, like the admin password reset exploit which we reported. We had to face a lot of heat from the community over the way the exploit was reported, but the intention was to prove how vulnerable even a small exploit could be. The fix followed five minutes later, but even those five minutes were enough to give me a good shaking. This is how vulnerable WordPress is.

And now I have heard of the latest exploit, and this time around it could really be deadly. There were reports, later confirmed, that blogs that have installed WordPress as their CMS were under attack, in which a script was able to breach the security wall and create a duplicate or separate hidden administrator account. Once that’s done then there’s nothing left to do! Your whole content could be wiped off, meaning a death blow if you don’t maintain backups – so if you still don’t, then start maintaining backups.

So the question arises: Can we really trust WordPress with our content? Or, to put it specifically, can businesses trust WordPress? What if a public server had WordPress installed and it came under attack? Who will ensure that sensitive data was not leaked? I am pretty sure this might have occurred, but it seldom makes it to the popular blogs.

Having said that, I really like WordPress and am still willing to take the risk, partly because bloggers like us have few choices.

But the reality is, after all, Open Source is not the best thing in the world!