SC Media UK asked security professionals, and a long-established web developer, about WordPress being such a conduit to compromise…
The WordPress platform pretty much dominates the market for web development driven by content management systems (CMS). The latest figures suggest it has a 60 percent share.
Cyber-criminals looking to host malicious content are drawn to legitimate sites, especially those that have been established for a while. WordPress often provides the entry point or, more accurately, vulnerable and unpatched plugins do.
According to IBM X-Force, there have been 238 releases of WordPress since May 2003, many of which addressed security issues. Yet five percent of sites had not updated to the latest version, despite previous versions having vulnerabilities that were being exploited in the wild. WordPress has an automatic core update facility by default, but site developers often turn it off, worried it could affect custom plugins and designs.