WordPress – Vulnerabilities

WordPress Vulnerabilities

There have been many security issues discovered in the software, most notably in 2007, 2008 and 2015. An up-to-date list of WordPress vulnerabilities can be found on ‘Secunia’.

In 2007, many high-profile search engine optimisation blogs, and others, all of which featured ‘AdSense’, were targeted. There were issues with downloads of the 2.1.1 version; version 2.1.2 addressed this, with the advice that users upgrade immediately.


Following a May 2007 report which noted that many users' blogs were exploitable because of outdated software, WordPress made it easier to update the software.

Stefan Esser (the founder of PHP Security Response Team) spoke critically about WordPress and its security.

In 2013, a study found that 50 of the popular plugins were also vulnerable. In WordPress 3.7, automatic background updates were introduced in an effort to improve security. There are ways to protect individual installations of WordPress. These include security plugins, keeping software and plugins up to date, and only using trusted plugins and themes.

WordPress plugins must be kept updated, as hackers have sophisticated means of searching for vulnerabilities. Other tools that can be used to protect against possible vulnerabilities include WPScan, WordPress Auditor and WordPress Sploit Framework. These have been developed by 0pc0deFR, and they search for various vulnerabilities, including CSRF, LFI, RFI, XSS, SQL injection and user enumeration. Still, check on other developers as well.

An alert issued by many security experts in March 2015 noted that an SEO plugin, ‘Yoast’, used on WordPress, had a vulnerability. WordPress responded immediately with a revised version 1.7.4.

Another issue publicised in January 2017 was repaired by WordPress with a patch within 6 days.

WordPress – Development and Support

Although Matt Mullenweg and Mike Little are co-founders, the lead developers include Helen Hou-Sandi, Dion Hulse, Mark Jaquith, Andrew Ozz and Andrew Nacin. The WordPress community also assists with development by testing each release.

WordPress is also closely associated with ‘Automattic’, which was founded by Matt Mullenweg. In 2010 the WordPress trademark was given to the new WordPress Foundation. The WordPress Foundation is an umbrella organisation which supports WordPress, bbPress and BuddyPress.

WordPress – WordCamp

WordCamps have been organised for the users of WordPress. They are casually run, mostly locally organised conferences where you can learn more about all aspects of WordPress. The first one was held in San Francisco in August 2006 and was attended by more than 500 people. They are now organised all over the world.

WordPress – More about Support

WordPress.org is the website for support. It includes the WordPress Codex (for manuals, information, etc.) and the WordPress Forums (an online community).

 
