Security Issues & Vulnerabilities
WordPress is a content management system (CMS) based on PHP and MySQL and licensed under the GPLv2 (or later). It was first released on May 27, 2003 by its founders, Matt Mullenweg and Mike Little, as a fork of b2/cafelog.
Over the years, WordPress and its many plugins (written by a host of developers who are independent of WordPress) have been subject to a number of security issues, particularly in 2007, 2013 and 2015.
A May 2007 study revealed that 98% of WordPress blogs being run were open to exploits because they were running unsupported and outdated versions of WordPress.
In June 2013, it was found that a number of the 50 most downloaded WordPress plugins were vulnerable to attacks such as SQL injection and XSS. A separate survey of e-commerce plugins showed that 7 out of 10 of them were vulnerable.
Then again in 2015, a large number of well-known WordPress plugins were shown to have blind SQL injection and cross-site scripting (XSS) vulnerabilities.
Keeping your WordPress Website Secure
So you may be asking: why use WordPress? Is it safe?
Like all software, WordPress and its plugins can be vulnerable to attacks and hacking. Even companies like Microsoft and Apple have had (and will continue to have) software security issues that force them to issue security fixes, e.g. a Microsoft Windows vulnerability that could be exploited by a hacker to carry out remote code execution, and a flaw in Apple's OS X operating system that left users vulnerable to security breaches while browsing online.
Just like any other software, your WordPress website and plugins can be kept secure by being vigilant and updating to the latest versions.
WordPress Security Planning
- Ensure WordPress and its plugins are kept up to date.
- Have a backup plan in place to allow you to fall back to an earlier version of your site.
- Install a security plugin to safeguard your site and alert you when your site has been attacked or hacked.
WordPress security shouldn't be passive; it should be proactive.
You can install "automatic WordPress and plugin updaters"; however, these aren't recommended, as a plugin that isn't compatible with the latest WordPress version may break your site or stop some functionality from working correctly. Therefore it's best to update and test your site to ensure everything is working as expected after a WordPress or plugin update.
If you'd rather someone else maintained your site security, we offer a WordPress management service which includes:
- WordPress & Plugin Updates: We will update your site each time WordPress releases a minor or major update. We will also check plugins and update these as they become compatible with the latest WordPress version (or straight away in the case of security updates).
- Site Backups: We will schedule backups of your site on a daily, twice weekly or weekly schedule.
- Security Plugin: We will install a security plugin (and ensure it's kept updated as new versions become available), monitor site security and take steps to address any issues that occur.
Contact us to find out how we can help keep your WordPress website secure and give you peace of mind.