Plugin developer Wordfence raises concerns about security, but is there a bigger problem with the continued use of MD5 hashing?
WordPress 4.7, with the nickname of Vaughan, was released last week without much of a fanfare. It also came without the usual bunch of important security patches either. If you run a WordPress-based site, you probably think you can relax once you’ve applied the core update and let your security scanner plug-in loose on it. Things might not be quite as secure as they seem, however, if the developers of one such plug-in are correct.
Wordfence developers have warned that competitors in the field may not keep WordPress sites as malware free as it can. No great surprise there, we grant you. However, the use of insecure hashing using MD5, the reasoning behind the claim, probably warrants a closer inspection.