{"id":2337,"date":"2015-03-02T11:28:50","date_gmt":"2015-03-02T18:28:50","guid":{"rendered":"http:\/\/www.whitefirdesign.com\/blog\/?p=2337"},"modified":"2015-03-02T11:28:50","modified_gmt":"2015-03-02T18:28:50","slug":"wordpress-org-makes-it-harder-for-security-journalists-to-hype-wordpress-plugin-vulnerabilities","status":"publish","type":"post","link":"https:\/\/www.whitefirdesign.com\/blog\/2015\/03\/02\/wordpress-org-makes-it-harder-for-security-journalists-to-hype-wordpress-plugin-vulnerabilities\/","title":{"rendered":"WordPress.org Makes It Harder For Security Journalists to Hype WordPress Plugin Vulnerabilities"},"content":{"rendered":"<p>Last Wednesday we discussed an ongoing issue <a title=\"One Easy Step To Hype A WordPress Plugin\u2019s Security Vulnerabilty\" href=\"http:\/\/www.whitefirdesign.com\/blog\/2015\/02\/25\/one-easy-step-to-hype-a-wordpress-plugins-security-vulnerabilty\/\">where security journalists conflate a WordPress plugin&#8217;s download count at WordPress.org with how many websites are using the plugin<\/a>, making a vulnerability seem like it has a much\u00a0larger impact\u00a0than it actually does. In the case last week the headlines proclaimed things like &#8220;More than 1 million WordPress websites imperiled by critical plugin bug&#8221; about a security vulnerability that existed in older versions of <a href=\"https:\/\/wordpress.org\/plugins\/wp-slimstat\/\">WP Slimstat<\/a>. Beyond explaining that the security vulnerability in question was unlikely to be widely exploited, we pointed out that the website count used was way off base. 
The journalists were taking the 1.3 million downloads the plugin had and using that to back up their claim of over 1 million websites impacted, which they shouldn&#8217;t have since it isn&#8217;t close to being an appropriate substitute for an actual count of use.<\/p>\n<p>Over the weekend\u00a0WordPress.org made a change that should stop this, as they started displaying a count of\u00a0Active Installs in addition to download counts for WordPress plugins. In the case of the WP Slimstat plugin the actual number of websites using it is much less than a million, with the Active Installs listed at 100,000+:<\/p>\n<p><a href=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2015\/03\/wp-slimstat-active-installs.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2338\" src=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2015\/03\/wp-slimstat-active-installs.png\" alt=\"wp-slimstat-active-installs\" width=\"777\" height=\"351\" srcset=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2015\/03\/wp-slimstat-active-installs.png 777w, https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2015\/03\/wp-slimstat-active-installs-300x136.png 300w\" sizes=\"auto, (max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 984px) 61vw, (max-width: 1362px) 45vw, 600px\" \/><\/a><\/p>\n<p>Hopefully this will be a wake-up call to some of those journalists that they need to stop taking so many liberties when reporting on WordPress plugin security issues, since this isn&#8217;t the only problem that there has been with their coverage of the issue (which could use more quality coverage).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Last Wednesday we discussed an ongoing issue where security journalists conflate a WordPress plugin&#8217;s download count at WordPress.org with how many websites are using the plugin, making a vulnerability seem like it has a much\u00a0larger impact\u00a0than it actually does. 
In the case last week the headlines proclaimed things like &#8220;More than 1 million WordPress websites imperiled &hellip; <a href=\"https:\/\/www.whitefirdesign.com\/blog\/2015\/03\/02\/wordpress-org-makes-it-harder-for-security-journalists-to-hype-wordpress-plugin-vulnerabilities\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;WordPress.org Makes It Harder For Security Journalists to Hype WordPress Plugin Vulnerabilities&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25,32],"tags":[],"class_list":["post-2337","post","type-post","status-publish","format-standard","hentry","category-bad-security","category-wordpress-plugins"],"_links":{"self":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/2337","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/comments?post=2337"}],"version-history":[{"count":4,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/2337\/revisions"}],"predecessor-version":[{"id":2342,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/2337\/revisions\/2342"}],"wp:attachment":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/media?parent=2337"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/categories?post=2337"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/tags?post=2337"}],"curies":[{"nam
e":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}