WordPress is popular, with a CMS market share of just about 60%. So get your WordPress security hardening sorted out!
That WordPress is also a magnet for hackers is beyond doubt. Any software with a market share of that scale is going to attract the attention of the bad guys. But does this mean that WordPress is inherently insecure, and any site built on the platform a security risk? You might think so, what with the news this week that WordPress versions 4.4.1 and earlier have been impacted by a newly discovered Server Side Request Forgery (SSRF) vulnerability and an Open Redirect one for good measure. However, let’s stop right there before getting carried away: WordPress has put a ‘security and maintenance’ release out there already in the shape of 4.4.2 and is recommending everyone apply this immediately. So doesn’t this just prove the point that WordPress is insecure? Not at all. What it proves is that WordPress is an attractive target, and a poorly configured, ill-protected installation provides easy pickings for the bad guys. Harden your WordPress installation and it doesn’t have to be any more of a security risk than any other software or service you buy into.