First of all, hats off to team WordPress for adding the Background Updates feature in the 3.7 release. Named Count Basie in honour of the legendary jazz musician, WordPress 3.7 comes with a promise to improve security. If this feature is turned on (it is on by default), WordPress will automatically update itself for minor releases, i.e. 3.7.x versions.
I, personally, liked this feature, as I manage hundreds of self-hosted WordPress blogs, and with every minor release I had to manually log in and update them one by one. Updating hundreds of self-hosted WordPress blogs is a real pain. With WP 3.7 this pain will be gone. Just sit back while WordPress updates itself in the background without your intervention.
The Stronger Password Meter feature is not interesting to me, as I’ve always been unconsciously conscious about choosing a strong password. It might prove to be a useful feature for those who have been in the habit of using weak passwords.
Now, coming back to WordPress vulnerability: is WordPress now more secure?
The answer is no.
Background Updates might reduce the chances of a WordPress blog being hacked, as it will apply security updates automatically before dark forces can take control of your blog. Background Updates is a really cool feature, but it is far from making WordPress secure.
Since I started using WordPress, I’ve never come across any of my self-hosted WordPress-based blogs that has been the victim of a WP security vulnerability.
In all instances of breach, it has always been a theme or a plugin to blame.
A WordPress blog is as secure as the themes and plugins it is using.
Unless team WordPress takes care of patching the plugin and theme holes, WordPress is never going to be fully secure.