

It’s Not WordPress. It’s the Plugins.


After managing hundreds of WordPress sites over the years, one thing is clear: the core is solid – it’s the outdated, poorly written plugins that open the doors to attacks. At OSDay 2025, I attended a talk that confirmed this and shed light on a massive b

One of the reasons I’m always so happy to attend conferences and technical events (the real ones – not the flashy, sponsor-driven ones designed just to sell products or services) is that I get to meet amazing people and always come away having learned something new.

I’ve been using WordPress since 2006 and have been managing hundreds of installations from a sysadmin perspective. Over time, I’ve noticed a clear pattern: most hacks and compromises happen through plugins or outdated installations. And often, these installations (and plugins) become outdated because they’ve been patched together so messily that updating them becomes nearly impossible – especially when the PHP version changes.

In March 2025, I attended a fantastic conference: OSDay 2025. I gave a talk on why I believe it makes perfect sense to consider the BSDs in 2025, but many of the other talks were truly eye-opening.

To mark the launch of the BSD Cafe Journal, I’d like to share the link to a particularly interesting talk by Maciek Palmowski: “How we closed almost 1k plugins in a month — the biggest WordPress bug bounty hunt.”

What struck me right away was how much his analysis of WordPress security aligned with what I’ve seen over the years: WordPress, out of the box, is reasonably secure. It’s the plugins – often old, unmaintained, or poorly written – that make it vulnerable.

I highly recommend watching his talk. It’s definitely worth your time.

youtube.com/watch?v=Y3HsjvRAof…


Announcing The BSD Cafe Journal!


Dear friends of the BSD Cafe,

This idea has been in my mind since the very beginning of this adventure, almost two years ago. Over time, several people have suggested it. But until recently, I felt the timing just wasn’t right — for many reasons. Today, I believe it finally is.

So I’m happy to announce a new service: The BSD Cafe Journal.


What is The BSD Cafe Journal?


At first, I thought I’d use BSSG for it (I even added multi-author support with this in mind), but in the end, it didn’t feel like the right tool for the job.

The idea is to create a multi-author space, with content published on a fairly regular basis. A reference point for news, updates, tutorials, technical articles — a place to inform and connect.

Just like people in Italy used to stop by cafés to read the newspaper and chat about the day’s news, the BSD Cafe Journal aims to be a space for reading, sharing, and staying informed — all in the spirit of the BSD Cafe.


What it’s Not


  • It’s not here to replace personal blogs, or excellent newsletters like Vermaden’s.
  • It’s not an aggregator.

What it Is


  • A place where authors can write original content.
  • A space to share links to posts on their own blogs or elsewhere.
  • A platform to publish guides, offer insights, or dive into technical explanations.

Our Guiding Principles


The guiding principles are the same as always: positivity, constructive discussion, promoting BSDs and open source in general.

  • No hype: Sharing a cool new service is fine, posting non-stop about the latest trend is not.
  • No drama, no politics: The goal is to bring people together, not divide them. To inform, not inflame.
  • Respect, tolerance, and inclusivity are key. Everyone should feel welcome reading the BSD Cafe Journal — never judged, offended, or excluded.

Why WordPress?


The platform I’ve chosen is WordPress, for several reasons:

  • It’s portable (runs well on all BSDs).
  • It has great built-in role management (contributors, authors, etc.).
  • And — last but not least — it supports ActivityPub.

This means every author will have their own identity in the Fediverse and can be followed directly, and it’ll also be possible to follow the whole Journal.

Original and educational content is encouraged, but it’s also perfectly fine to link to existing articles elsewhere. Personally, I’ll link my technical posts from ITNotes whenever I publish them there.

The goal is simple: a news-oriented site, rich in content, ad-free, respectful of privacy — all under the BSD Cafe umbrella.


Getting Involved


Content coordination will happen in a dedicated Matrix room for authors. There’ll also be a public room for discussing ideas, giving feedback, and sharing suggestions.

Of course, I can’t do this alone. A journal with no content is just an empty shell.

So here’s my call to action:

Who’s ready to lend a hand? If you enjoy writing, explaining, sharing your knowledge — the Journal is waiting for you!