Every day we manage thousands of clients running a wide range of applications built across a number of different platforms. It should come as no surprise that a good number of them leverage the WordPress platform. This in itself can lead folks to scream from the mountaintops about the application’s insecurities; we’re here to say that is just not so.
Many know, yet many more don’t, that WordPress dominates rival CMS applications by significant margins. We are not saying this in terms of functionality or breadth, but rather in terms of end-user adoption. We will not dwell on why and how it has accomplished this, but rather on what this means to you, the end-user.
It is our opinion that anything that lives on the web becomes vulnerable with time. That being said, at this time we don’t find WordPress version 3.3.1 to be the root cause of the infections we see every day. The same cannot be said of older versions, but that is to be expected with any platform; to think otherwise is foolish. It is also one of the reasons updates are so important.
The WordPress core development team and review process have matured tremendously over the years, and they deserve accolades for their ability to push timely patches when security issues are identified. Although inefficiencies still exist in a number of areas, the greater issue we want to focus on is the end-user’s responsibilities.
Let’s take a minute to look at the top reasons for the infections we see today:
- Poor Credential Management (FTP, SFTP, SSH, WP Admin, cPanel, DB, etc.)
- Poor System Administration
- Out of Date Software – PHP, WP, Plugins, Themes, DB
- Lack of Web Knowledge
- Lack of Security Knowledge
- Use of self-proclaimed “experts”
- Cutting Corners – Using unvetted Plugins, Themes and Scripts (often infected and housing backdoors)
What most website owners do not understand is that what makes WordPress so useful and cost-effective is also its biggest weakness. WordPress is a highly extensible application that allows your average Joe to easily make changes, add features and manage content. This ease of use, while great, puts a tremendous amount of responsibility on the end-user, so much so that they are often the root of their own problem.