I appreciate this WordPress philosophy overview. More products should be built with these principles in mind:

Works with little configuration and setup
Designed for the majority
Makes decisions, not options
Clean, lean and mean
Strives for simplicity




The downside to WordPress's philosophy is they keep adding attack surface, and enabling it by default. Does everybody remember all the holes which have been found in their XML-RPC?

And then one day I saw in the logs a whole new facility being hammered, the wp-json path. Enabled by default, and handing out lots of details on our installation and accounts.

Simplistic security, i.e., not much security at all.

