Welcome to 2016, the year where WordPress powers more than a quarter of all websites on the Internet. For a lot us involved with the WordPress community, this was a fantastic piece of news. But for those concerned with WordPress security, it’s more of a nightmare. WordPress as a CMS always had a bad rep for being an unauthenticated remote shell that, as a useful side feature, also contains a blog. And despite the best effort by the WordPress community, this is truer now more than ever. The democratization of publishing has a nasty side effect: pretty much anyone can start a WordPress blog. As the entry bar gets lower, more and more websites fall prey to malicious attacks, simply because the blog owners are out of their depth when it comes to protecting their blog. And being the biggest CMS on the market, WordPress has a huge target painted on its back. One of the security reports stated that 78% of successful attacks were against WordPress websites. Another stated that 76% of WordPress users don’t use a backup plugin at all. The blame, or at least most of the blame, lies with the throng of security articles on the web. Really good, in-depth articles are few and hard to find,
Share This