Skip to content

Davey Winder

delivering award-winning technology journalism since 1991

  • home
  • about me
  • follow me on mastodon
  • privacy policy
  • Toggle search form
WordPress logo in water image

WordPress security update: go hard or go home

Posted on February 4, 2016February 4, 2016 By Davey Winder 2 Comments on WordPress security update: go hard or go home

WordPress is popular. with a CMS market share of just about 60%. So get your WordPress security hardening sorted out!

That WordPress is also a magnet for hackers is beyond doubt. Any software with a market share of that scale is going to attract the attention of the bad guys. But does this mean that WordPress is inherently insecure, and any site built on the platform a security risk? You might think so, what with the news this week that WordPress version 4.4.1 and earlier have been impacted by a newly discovered Server Side Request Forgery (SSRF) vulnerability and an Open Redirect one for good measure. However, let’s stop right there before getting carried away: WordPress has put a ‘security and maintenance’ release out there already in the shape of 4.4.2 and is recommending everyone apply this immediately. So doesn’t this just prove the point that WordPress is insecure? Not at all. What it proves is that WordPress is an attractive target, and a poorly configured, ill-protected installation provides easy pickings for the bad guys. Harden your WordPress installation and it doesn’t have to be any more of a security risk than any other software or service you buy into.

Click here to read complete article

Vulnerabilities Tags:Advice, Analysis, Vulnerability, Web, WordPress

Post navigation

Previous Post: Anatomy of an Internet of Things attack
Next Post: End of days: Are we on the verge of a DDoS Armageddon?

Related Articles

Apple macOS, Microsoft Windows 11, Ubuntu Desktop Hacked During $1 Million Hacking Spree Announcements
New Samsung 0-Click Security Threat Alert, Disable Wi-Fi Calling Now Android
Microsoft Outlook Warning: Critical New Email Exploit Triggers Automatically—Update Now Analysis
Why You Should Stop Using LastPass After New Hack Method Update Breach
Windows And iOS Security Updates Get Serious–You Have 3 Weeks To Comply, CISA Warns Infosecurity
Major New Windows Security Update: 7 Critical & 3 Zero-Day Threats Confirmed Infosecurity

Comments (2) on “WordPress security update: go hard or go home”

  1. mursifa says:
    February 27, 2016 at 3:47 PM

    Any software with a market share of that scale is going to attract the attention of the bad guys. Where did you get this information?

  2. Davey Winder says:
    February 27, 2016 at 4:31 PM

    Agreed, which is why it’s important to lock down your installation to make it as hard for those attention seekers as possible of course.

    As for the ‘where did you get this information’ question, what information are you talking about specifically? Spotted that the first part of your comment was actually a direct quote from my article, so assume you are referring to the WordPress market share stats? In which case, see: http://w3techs.com/technologies/history_overview/content_management

Comments are closed.

Categories

Post Archive

Tags

0day Analysis Android Apple Apps breach bug bounty Business Chrome crime Cybercrime Data Protection Encryption Enterprise Google Government hack Hackers Hacking healthcare industry iOS IoT iPhone Malware Microsoft News NHS Opinion passwords Phishing Privacy ransomware Research Russia Samsung threat intelligence Threatscape Update Vulnerabilites vulnerabilities Vulnerability Windows Windows 10 zero-day

Copyright © 2023 Davey Winder .

×
Cookies
We serve cookies. If you think that's ok, just click "Accept all". You can also choose what kind of cookies you want by clicking "Settings". Read our cookie policy
Settings Refuse all Accept all
Cookies
Choose what kind of cookies to accept. Your choice will be saved for one year. Read our cookie policy
  • Necessary
    These cookies are not optional. They are needed for the website to function.
  • Statistics
    In order for us to improve the website's functionality and structure, based on how the website is used.
  • Experience
    In order for our website to perform as well as possible during your visit. If you refuse these cookies, some functionality will disappear from the website.
  • Marketing
    By sharing your interests and behavior as you visit our site, you increase the chance of seeing personalized content and offers.
Save Refuse all Accept all
GDPR Cookie Policy