WordPress – Vulnerabilities

There have been many security issues discovered in the software, most notably in 2007, 2008 and 2015.  An up to date list of WordPress vulnerabilities can be found on ‘Secunia’.

In 2007 many blogs with a high profile search optimization, and others, which all featured ‘AdSense’ were targeted.  There were issues with downloads of the 2.1.1 version, but 2.1.2 addressed this issue, with the advice that it be upgraded immediately.

Also Read: What is WordPress

Following a report in May 2007 which noted that many users had blogs that were exploitable, because of outdated software, WordPress made it easier to update software.

Stefan Esser (the founder of the PHP Security Response Team) spoke critically about WordPress and its security.

Wordpress vulnerabilities

In 2013, a study found that 50 of the popular plugins were also vulnerable.  In WordPress 3.7 automatic background updates were introduced in an effort to improve security.  There are ways to protect individual installations of WordPress.  These include security plugins, keeping software and plugins up to date, and only using trusted plugins and themes.

WordPress plugins must be updated, as hackers have sophisticated means of searching for vulnerabilities.  Other tools that can be used to protect from possible vulnerabilities include WPScan, WordPress Auditor, and WordPress Sploit Framework.  These have been developed by 0pe0deFR, and they search various vulnerabilities, including CSRF, LFI, RFI, XSS, SQL injection, and user enumeration.  Still, check on other developers as well.

An alert issued by many security experts in March 2015, noted that an SEO plugin, ‘Yoast’, used on WordPress, had a vulnerability.  WordPress responded immediately with a revised version 1.7.4.

Another issue publicized in January 2017 was repaired by WordPress with a patch within 6 days.

WordPress – Development and Support

Although Matt Mullenweg and Mike Little are co-founders, the lead developers include Helen Hou-Sandi, Dion Hulse, Mark Jaquith, Andrew Ozz, and Andrew Nacin.  The WordPress community also assists with development by testing each release.

WordPress is also closely associated with ‘Automattic’, which was founded by Matt Mullenweg.  In 2010 the WordPress trademark was given to the new WordPress Foundation.  WordPress Foundation is an umbrella organization that supports WordPress, bbPress, and BuddyPress.

WordPress – WordCamp

WordCamps have been organized for the users of WordPress.  They are conferences that are casually run, mostly locally organized, where you can learn more about all aspects of WordPress.  The first one was held in San Francisco in August 2006 and was attended by more than 500 people.  They are now organized all over the world.

 WordPress – More about Support

WordPress.org is the website for support.  It includes WordPress Codex (for manuals, information, etc.) and WordPress Forums (an online community)


Check the free tools to check your website for spam

Leave a Comment