by dscrd 4103 days ago
>Having said this, I've found limited proof that a particular language is any safer than another as it comes down to safe coding policies and risk mitigation strategies.

Proof is right there in the article. To have PHP on the live server is a security risk, period.

2 comments

Having a general purpose blog system on the same server (and sharing the same database credentials and having the ability to write files) is a security risk; it has nothing to do with the availability of PHP.
My point exactly. If instead of WordPress they had a copy of some other big-old-Java-thingie, it would have been just as exploitable.
I disagree. Having poor security "hygiene" is dangerous; the tools that you select to shoot yourself in the foot are less important than having a hardened server with minimal services and installed software (and host intrusion detection, etc.).