[grantheaslip]

But "normals" just aren't always going to do that. If Wordpress installations automatically updated without any user intervention, then maybe it would be better, but I still think it's dangerous to get non-geek friends to use a self-hosted Wordpress unless they really understand server administration—not just following an installation guide, but how permissions work, how to back up databases, how to properly vet add-ons, etc.

Plus, a lot of the Wordpress exploits have been zero-day. Even if they are checking their Wordpress dashboard every day, or even every week (and that's probably not a good assumption to make), their installation could be silently compromised before an update was even available.

I think geeks tend to assume that regular people understand and care about even the most basic (by our estimation) best practices. You could argue that that's their fault, not ours, but I think there's a certain lack of pragmatism involved in thinking that regular users can responsibly administer a Wordpress install. I'm sure contrary examples exist, but there's a lot of horror stories as well.