To try to set the record straight, WordPress.org (the open source project) doesn't host and websites apart from our own (WordPress.org, WordCamp.org, BuddyPress.org, etc). So people can't host with us. Also, while we do have some recommended hosts that have helped the community as well as put a lot of effort into making their WordPress hosting really exceptional, they were not the only hosts we worked with on this (or even the majority).
Additionally, the work with hosts and WAFs happened in parallel with the work on the patch. WordPress users are our priority and they exist at pretty much every host. The best way to secure them all is to get a patch out. Anything we can do to mitigate the risk between finding out and when that patch is ready, is really just a bonus :)
This is so true!
To try to set the record straight, WordPress.org (the open source project) doesn't host and websites apart from our own (WordPress.org, WordCamp.org, BuddyPress.org, etc). So people can't host with us. Also, while we do have some recommended hosts that have helped the community as well as put a lot of effort into making their WordPress hosting really exceptional, they were not the only hosts we worked with on this (or even the majority).
Additionally, the work with hosts and WAFs happened in parallel with the work on the patch. WordPress users are our priority and they exist at pretty much every host. The best way to secure them all is to get a patch out. Anything we can do to mitigate the risk between finding out and when that patch is ready, is really just a bonus :)