WordPress security update: go hard or go home

WordPress is popular, with a CMS market share of just about 60%. So get your WordPress security hardening sorted out!

That WordPress is also a magnet for hackers is beyond doubt. Any software with a market share of that scale is going to attract the attention of the bad guys. But does this mean that WordPress is inherently insecure, and any site built on the platform a security risk? You might think so, what with the news this week that WordPress version 4.4.1 and earlier have been impacted by a newly discovered Server Side Request Forgery (SSRF) vulnerability and an Open Redirect one for good measure. However, let’s stop right there before getting carried away: WordPress has put a ‘security and maintenance’ release out there already in the shape of 4.4.2 and is recommending everyone apply this immediately. So doesn’t this just prove the point that WordPress is insecure? Not at all. What it proves is that WordPress is an attractive target, and a poorly configured, ill-protected installation provides easy pickings for the bad guys. Harden your WordPress installation and it doesn’t have to be any more of a security risk than any other software or service you buy into.


2 thoughts on “WordPress security update: go hard or go home”

  • February 27, 2016 at 3:47 PM

    Any software with a market share of that scale is going to attract the attention of the bad guys. Where did you get this information?

    • February 27, 2016 at 4:31 PM

      Agreed, which is why it’s important to lock down your installation to make it as hard for those attention seekers as possible of course.

      As for the ‘where did you get this information’ question, what information are you talking about specifically? Spotted that the first part of your comment was actually a direct quote from my article, so assume you are referring to the WordPress market share stats? In which case, see: http://w3techs.com/technologies/history_overview/content_management
