The first question you’re probably wondering is, is WordPress secure? For the most part, yes. However, WordPress often gets a bad rap for being prone to security vulnerabilities and not being an inherently secure platform for businesses. Most often, this is because users continue to follow tried-and-true worst-practice security practices . Using outdated WordPress software , broken plugins, poor system administration , credential management , and a lack of web security knowledge among chinese overseas africa database non-technical WordPress users allow hackers to stay on top of cybercrime . Even industry leaders don’t always use best practices .
Reuters was hacked because it was using an outdated version of WordPress. At its core, security isn’t about perfect secure systems. It may be impractical or impossible to find and/or maintain. Security is about reducing risk, not eliminating it. It’s about using all the controls available to you, within reason, that allow you to improve your overall position, reducing the likelihood of being targeted and subsequently hacked. — WordPress Security Codex But that doesn’t mean there’s no vulnerability . According to Q3 2017 research from cross-platform security firm Sucuri , WordPress continues to lead the list of infected websites they work on (83%). That’s up from 74% in 2016.
WordPress security vulnerabilities
WordPress powers over 43.3% of all websites on the internet, and with hundreds of thousands of theme and plugin combinations, it’s no surprise that vulnerabilities exist and are constantly being discovered. However, there’s also a large community around the WordPress platform that ensures that these vulnerabilities are patched as quickly as possible. As of 2022, the WordPress security team consists of about 50 (up from 25 in 2017) experts, including leading developers and security researchers — about half of whom are Automattic employees, and some work in web security.