Businesses

WordPress Forces User Conf Organizers To Share Social Media Credentials, Arousing Suspicions (theregister.com) 34

Simon Sharwood, reporting for The Register: Organisers of WordCamps, community-organized events for WordPress users, have been ordered to take down some social media posts and share their login credentials for social networks. The order to share creds came from an employee of Automattic, the WordPress host whose CEO happens to be Matt Mullenweg, co-creator of WordPress.

A letter sent to WordCamp organizers explains that the creds are needed due to "recurrent issues with new organizing teams losing access to the event's social media accounts." So far, so sensible. But the requirement to share creds comes in the middle of a nasty spat in the WordPress community, sparked by Mullenweg's efforts to have rival hosting biz WP Engine license the WordPress trademark or devote more staff to working on the open source content management system's code.

  • Some people seem to focus more on the 'dictator' part and less on the 'benevolent' part of the "Benevolent Dictator for Life" role. *shrug*
    • In this case, the "benevolent" part definitely deserves a [citation needed].

      Now if you'd chosen to use "pissy", "spiteful", or "pique-filled"... those are apparent, so no further clarification would've been required.

  • by Pseudonymous Powers ( 4097097 ) on Wednesday October 30, 2024 @01:34PM (#64906797)
    The only suspicions this is arousing in me are regarding whether Mullenweg is actually clinically insane. "Give me your passwords?" That's not a thing.
    • People can just "flip" one day, so to speak. Could be due to stress and/or not being able to handle authority ("mad with power"), or it could be an actual, physical condition in the brain.

      I'm leaning away from thinking that this guy is that stupid, and more toward that there is seriously something wrong with him, neurologically.

      • People can just "flip" one day, so to speak. Could be due to stress and/or not being able to handle authority ("mad with power"), or it could be an actual, physical condition in the brain.

        I'm leaning away from thinking that this guy is that stupid, and more toward that there is seriously something wrong with him, neurologically.

        Probably just fell into his own idiocy. That happens for some "leaders." Especially those that really suck at leadership. They start to think micromanaging and dictatorial rule are the only ways forward, truly believing in their own superiority until they are smacked in the face by someone or something far superior to them. For some, that's death. For others, just a good solid prison sentence. Or crossing the wrong person at the precisely correct moment to merit a violent reaction.

        At any rate, this public m

  • Wow (Score:4, Interesting)

    by Baron_Yam ( 643147 ) on Wednesday October 30, 2024 @01:36PM (#64906803)

    I've heard of burning it all down around you, but this guy brought nukes.

  • by mysidia ( 191772 ) on Wednesday October 30, 2024 @01:36PM (#64906807)

    If the organizers' accounts are company accounts, then they need to be set up that way, as company-managed accounts.
    Give the credentials to the corporate IT administrator only.

    And grant the individual users post access instead of sharing credentials.

    It's a violation of Terms of Service on just about any social media site for users to share Logins and Passwords.

    • by sconeu ( 64226 )

      It's a violation of Terms of Service on just about any social media site for users to share Logins and Passwords.

      Came here for this.

      "Dear Automattic drone,

      Just to be clear, you are specifically asking us to violate the [social-media-platform] Terms of Service?

      Thank you,
      [Conference Organizer]"

    • by zlives ( 2009072 )

      admins should be able to reset passwords anyways? why "share"

    • by 93 Escort Wagon ( 326346 ) on Wednesday October 30, 2024 @02:55PM (#64907041)

      If the organizers' accounts are company accounts, ...

      WordCamps are organized by local Wordpress user communities, not owned by Automattic. Heck, as far as I can tell, Automattic hasn't even provided sponsorship for any of them.

      • by mysidia ( 191772 )

        WordCamps are organized by local Wordpress user communities, not owned by Automattic.

        I see. The camps are organized by local communities, but it seems that Automattic believes they are the entity that decides who gets to do it, or at least the company who gets to control who gets to be listed as a "Wordcamp" and use the Wordcamp name and branding capital.

        So, unless there is some argument about that; it does seem that whoever that company is would have ultimate control over the branded official acco

    • While this is how it should be, it's not how even major companies do it, sadly. I directed the social media program for one of the largest computer companies in the world. I was given the login credentials to all their accounts. Not just social media but associated Google and other accounts too.

      Too frequently folks aren't going to sit around waiting for IT to set up those accounts and properly provision things out to users. That bottleneck is what causes others to work around it.

  • Exit Stage Left... (Score:4, Insightful)

    by KlomDark ( 6370 ) on Wednesday October 30, 2024 @01:41PM (#64906831) Homepage Journal
    Anyone still using WP needs to start heading for the door, now.
  • by devslash0 ( 4203435 ) on Wednesday October 30, 2024 @02:04PM (#64906899)

    1. You should change them regularly.
    2. You shouldn't leave them where other people can see them.
    3. You should never loan them out to strangers.

    • by lsllll ( 830002 ) on Wednesday October 30, 2024 @02:48PM (#64907013)

      1. You should change them regularly.

      I take issue with that. In my opinion, unless there's an indication that a password has been compromised, there should be no reason to change it. Changing passwords often leads to a) users writing the password down somewhere and b) using the same password with iterators at the end. On the other hand if someone tells me that a password needs to be changed because it was compromised, I'm less likely to use the same password with an incremental iterator at the end.

      • NIST agrees with you:

        "Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator." - https://pages.nist.gov/800-63-... [nist.gov]

    • Don't use someone else's.

  • by devslash0 ( 4203435 ) on Wednesday October 30, 2024 @02:07PM (#64906907)

    No, it's not sensible in any way, shape or form. Sounds like Automattic are asking for passwords so that they can take unpopular or otherwise inconvenient social media posts themselves in case someone doesn't want to comply. This is potentially criminal - both asking for credentials and trying to make unauthorised changes.

  • by Malay2bowman ( 10422660 ) on Wednesday October 30, 2024 @02:28PM (#64906975)

    My creds-

    Facebook

    Username: lickmyballs
    Password: gofuckaduck

    Instagram

    Username: gotohell
    Password: youshiteatingcunt

    X/Twitter

    Username: yourmomisawhore
    Password: yourdadisalsoawhore ...and so forth

    • by lsllll ( 830002 )

      Once I was so pissed with a web site's password policy (not only combinations/length, but also "too similar to previously used password". How would they know unless they saved my plain-text passwords somewhere or enumerated my character usage in them?) I used "FuckYourMom@#$000". Unfortunately, eventually, I also had to screw their dad, lick their sister, and toss their aunt's salad.

      • by Dwedit ( 232252 )

        You can test removing each character (and all possible truncations) and compare its hash to a previous password's hash. You don't need to store plain text for that.

        • by HiThere ( 15173 )

          That won't identify "badPassword1" as a precursor to "badPassword2". Not unless you've saved "badPassword1".

        • Not a valid strategy if you're salting passwords, like you should...
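
The history check debated in the sub-thread above, as an added example that is not part of any comment: it hashes deletion and truncation variants of a new password with the old record's stored salt and compares the result against the old digest. It assumes PBKDF2 with a per-user salt stored beside the digest; `counter_variants` goes beyond the thread by also trying the trailing number plus or minus one, and every name here is hypothetical.

```python
import hashlib
import hmac
import os

ITERATIONS = 1000  # kept low so the demo runs quickly; real deployments use far more

def hash_password(password, salt=None):
    """Return (salt, digest) using PBKDF2-HMAC-SHA256; a fresh salt if none given."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def deletion_variants(password):
    """Candidates named in the thread: drop any one character, or truncate."""
    variants = set()
    for i in range(len(password)):
        variants.add(password[:i] + password[i + 1:])  # one character removed
    for n in range(1, len(password)):
        variants.add(password[:n])                     # every proper truncation
    return variants

def counter_variants(password):
    """Extension beyond the thread: trailing number incremented or decremented."""
    stem = password.rstrip("0123456789")
    digits = password[len(stem):]
    if not digits:
        return set()
    n = int(digits)
    return {stem + str(v).zfill(len(digits)) for v in (n - 1, n + 1) if v >= 0}

def too_similar(new_password, old_salt, old_digest, use_counter=False):
    """True if some variant of the new plaintext hashes to the old stored digest."""
    candidates = deletion_variants(new_password)
    if use_counter:
        candidates |= counter_variants(new_password)
    for cand in candidates:
        # The stored salt is not secret to the verifier, so it is reused here.
        _, digest = hash_password(cand, old_salt)
        if hmac.compare_digest(digest, old_digest):
            return True
    return False

# Constructed sample record: only the salt and digest of the old password are kept.
OLD_SALT, OLD_DIGEST = hash_password("badPassword1")
```

The verifier only needs the new password in plaintext at change time, which it already has; the old password is never stored.
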
  • Just stop using it now. That goes against all security principles. What were they thinking?
  • Are these Wordpress re-education camps?
    Censorship/anti-competitive practices/coercion. What's next? The purges?
    It's just a CMS. Calm down.
