14 DAY TRIAL // The creators of WordPress, the world's most popular blogging platform, are juggling with the idea of having future versions of the application update automatically without the intervention of webmasters.
Known as silent updates, this type of upgrades have been known for a while, but it was Google with its Chrome browser who successfully tested the model on a wide scale for the first time.
In general, software developers have been reluctant to implement silent updates because they undermine user choice and require a lot of quality assurance testing.
However, the increased number of exploitation attacks against outdated versions of popular applications have pushed software creators to reconsider their position.
Following Chrome's success, Adobe is considering a similar system for its frequently attacked Adobe Reader product, and the feature has already been implemented by Mozilla as part of its new Firefox development model.
According to WPCandy, WordPress founder and project lead Matt Mullenweg revealed recently at the WordCamp Montreal conference that it is his intention to have the popular blogging platform use a similar update system.
The feature might not come in WordPress 3.3, although improvements to the updater are planned for this version, but it is clearly a goal for the future. The decision comes as good news for security-oriented users, but it's not clear if it will have a great impact on the number of compromised and infected blogs.
If such a feature does get implemented and becomes default behavior, developers will have to provide a "turn off" option for webmasters who run a lot of custom code and risk breaking it. There is a possibility that most users will get used to disabling this feature to make sure their plug-ins or themes don't become incompatible after a silent update.
Nevertheless, the problem of vulnerable WordPress installations is a serious one that needs addressing. Security researchers from antivirus Sophos recently performed a quick test where they looked at the last ten infected blogs the company's systems picked up. All of them were running on an either outdated WordPress or PHP version.