12 Oct

Security Isn’t the Only Place Where the WordPress Community Is Being Harmed by Those in Control

Among the many issues that come together to create the rather poor state of security these days, there is the poor state of security journalism, which isn’t so much journalism as stenography, with journalists simply repeating claims made by security companies. Many of those claims are in fact false, which seems like what journalists should be covering, especially when you have millions, if not billions, of dollars being spent on security products and services marketed with similar lies as well. That spending on products and services that don’t provide the security promised is having international repercussions, which makes the lack of good journalism so tragic. What seems to explain some, if not a lot, of that lack of critical coverage is that there are security journalism outlets owned by security companies, even while being promoted as “independent”. Journalists at those outlets are unlikely to be critical of security companies, since that would likely bring attention to the ownership situation and raise concerns about the reason for the critical coverage (even when it would likely be very warranted). It doesn’t seem hard to believe that other journalists would likely do the same, since their next paycheck might be coming from a security company.

WordPress faces a similar situation. One of the few outlets included in the “WordPress Events and News” portion of the WordPress admin dashboard is the WordPress Tavern, which is owned by Matt Mullenweg. That is disclosed on the About page of the website, but doesn’t look to be generally mentioned when something else connected to him is being covered. That connection seems like it might be of concern when it comes to what was mentioned in a recent post on the website, headlined “WordPress Accessibility Team Lead Resigns, Cites Political Complications Related to Gutenberg”.

The post doesn’t really touch on the political complications at issue. If you read the post from the person who resigned, Rian Rietveld, one part seems like it should be mentioned by a news outlet focused on WordPress when covering this:

To Matt Mullenweg

To Matt Mullenweg I want to say: please take better care of your community, because WordPress is nothing without it. Cherish the people who dedicate their (own) time and who work very hard to make WordPress the best it can be. Don’t ignore or make fun of them, but talk to them, guide them, inform them. Don’t be disconnected from the community, be part of it.

That sounds bad, but it could be worse. When it comes to security, you have Matt spreading false information about the current problems with the security of plugins, and others in control (including one who works directly for him) actively making security worse, including even stopping the rest of the community from discussing such issues. If they simply ignored people trying to deal with those security issues, everyone would be better off, because there wouldn’t be anyone, for example, stopping people from trying to get vulnerabilities that may already be being exploited fixed, or leaving people believing that there isn’t a security issue with a plugin when there certainly is.