Wordpress security?

Mendalla

Mendalla

Well-known member
I know we have some Wordpress admins and users on here so this article in one of the IT newsletters I get at work caught my eye. I don't use Wordpress myself (considering it if I start publishing my stories myself rather than on the site I use now) but thought others might be interested.

channeldailynews.com

Vulnerabilities in WordPress plugins more than doubled in 2021: Report | Channel Daily News

Vulnerabilities in WordPress plugins more than doubled in 2021 compared to the previous year, according to a report, a worrying trend because most can be exploited by threat actors on the e-commerce and news sites that rely on the platform. The report, released today by researchers at Risk Based...
channeldailynews.com channeldailynews.com
 
TLDR said:
WordPress... But keeping your stuff updated. ;)
Click to expand...
Which really goes for whatever software you use. Widely used software like WP has the disadvantage of being targeted more but the advantage of being more widely supported and reported on. A more obscure program could have just as many bugs and security flaws but they might not get reported as widely or fixed as quickly. So using the devil you know is probably safer in some cases.
 
Ksentile said:
What dedicated blogging software or CMS do people recommend these days if the Wordpress security issues just keep piling?
Click to expand...
WordPress is insanely popular and I've tried many times to like it, but I never can.

I've done my research on alternatives. I wanted something without all the bloat because I only ever planned to use it for a small blog about my travels. So, while these might not be for you because of how raw they are, I really like:

Ghost CMS: https://github.com/tryghost/ghost

Jekyll (hosted free with GitHub Pages): https://jekyllrb.com

Hugo: https://github.com/gohugoio/hugo

And you can see a bigger list of options like these, here: https://jamstack.org/generators/
 
Mendalla said:
Which really goes for whatever software you use
Click to expand...
I agree. And WordPress makes it easy to stay up-to-date with its auto-updates (zero clicks required!) for core, plugins and themes. (Well unless a plugin authors releases a broken update, but oh well)

The problem with lesser-widespread software is: Once it becomes widespread, the issues that were obscured by its popularity, may come up on a daily basis. So in the end, you might be better off to just use "what everyone uses".

Or to quote the article in the OP:
There’s evidence malicious actors go after vulnerabilities they can easily exploit
Click to expand...

However, I am not sure why you should "focus" on any known security issue. Like, just keep everything updated. But okay.
 
TLDR said:
The problem with lesser-widespread software is: Once it becomes widespread, the issues that were obscured by its popularity, may come up on a daily basis. So in the end, you might be better off to just use "what everyone uses".
Click to expand...
Security through obscurity only gets you so far is what we used to say in the IT management world.
 

Similar threads

akok
It is impossible to create passkeys using Windows Security.
Replies
4
Views
73
Old Nick
O
Q
  • Question Question
Thinking of getting Xenforo with the intention of using it with WordPress... Need some questions answered.
Replies
0
Views
38
qazwsxedcrfv1234
Q
A
  • Question Question
Is there a way to only allow forum members to comment on WordPress blog posts?
Replies
0
Views
55
Artashes
A
C
XF 2.2 Members and visitors in wordpress homepage
Replies
4
Views
80
gigipmc
gigipmc
KensonPlays
  • Question Question
XF 2.3 How to connect WordPress & XenForo with oAuth?
Replies
8
Views
253
unproperlypropagated
unproperlypropagated
Back
Top Bottom