WordPress is secure. Sort of. The larger a target becomes, the more people shoot at it, which explains why Windows has always been the victim of more viruses than other operating systems. WordPress is so huge that locking down WordPress security has become steadily more important for much the same reason. We first saw a full-scale attack on WordPress nearly two years ago, and as everybody’s favorite CMS has gotten bigger, so have the threats.
Locking down WordPress security has become an important issue at WordPress parent Automattic Inc. So much so that if you use the Jetpack plug-in on your WordPress site (not one hosted at wordpress.com, by the way; one you host yourself), Automattic is now disconnecting you from the hive unless you keep Jetpack patched.
The move makes sense, but it also raises questions about who really controls your supposedly independent WordPress site. Automattic needs to be serious about locking down WordPress security for itself, and should be serious for its customers, even if those customers don’t pay it a penny. And honestly, you shouldn’t need to be coaxed into keeping software patched. Sure, evaluate before updating and make whatever plans you need, but if you leave software exposed there’s a good chance you’ll undermine the whole idea of locking down WordPress security, or any security, anyway.
Now the question is: why exactly are you using Jetpack? And there are great reasons … but you should understand that some interesting stuff goes on in the background if you do.