While it’s not surprising to hear about WordPress being insecure from users of rival platforms (as a few of my Movable Type friends will tell me), it’s odd to hear the statement from a company using it to power their blog.
Trend Micro (an anti-virus company) put out a list of risky software or sites which included Mac OS X, Facebook, Google and yes, even WordPress.
The riskiest software used by websites in 2010 was the popular blogging platform WordPress. Tens of thousands of unpatched WordPress blogs were used by cybercriminals for various schemes, primarily as part of redirection chains that led to various malware attacks or other blackhat search engine optimization (SEO)-related schemes. (Trend Micro Blog)
Note: Emphasis in bold is mine.
Blaming WordPress’s security woes on unpatched blogs makes as much sense as blaming an architect for building an insecure house despite the fact that the home owner refuses to lock their doors.
Users choosing to self host their blogs outside the walls of WordPress.com are ultimately responsible for their own security, updates, etc., although Automattic (the company behind WP.com) is trying to remedy this problem via VaultPress.
While choosing a secure host can go a long way towards ensuring that your blog doesn’t fall prey to hackers, making sure your WordPress blog is updated to the latest version (via the one click update button) is one of the best ways to secure your blog.
Patches aside, as for Trend Micro’s assessment, the reason WordPress receives far more attacks than its rivals is probably best summed up by Jeff Chandler of Weblog Tools Collection:
If Trend Micro wanted to give their statement validity, they would have explained that WordPress is the most popular publishing platform in use across the web and because of that large market share, it is a big target for malicious users.
If Trend Micro feels that WordPress is insecure, they might want to consider switching to an alternative platform before denouncing the software publicly.




Man, I need some good news. I was just thinking about switching to WordPress. I’ve used Blogger for my blogs for over 3 years but things are getting more and more problematic.
Obviously, security is as good as its weakest link, but with the amount of work us bloggers put into these things, it would be nice to have less to worry about on that end.
Hopefully, Vaultpress will answer some of these foibles.
Bad metaphor. The security problem is directly caused by the builder in this case. The reason it’s still a problem is that the owner hasn’t seen fit to address it yet. The security hole is the fault of the WordPress team. The fact that the blog is unpatched is the user’s fault.
One of the features I love about WordPress is the one touch updating, I get notified and I update, simple as that!
Like Greg, I used to like the one click WordPress updating, unfortunately I haven’t been able to do this for almost 12 months. I have a glitch somewhere, that occurred when I transferred my blog to a different hosting company. I now have to update manually via FileZilla FTP.
If other blogs have the same problem, I can understand the security loophole.
John
Leamington Spa, England
John and Greg, check the PHP Memory limit set by your hoster. I would guess that your settings are 32MB, please increase this via wp-config.php to 64MB.
WordPress, once affected by a virus, is a real mess to clean.
Thanks for the tip Franky, how do you know I need to change the PHP memory limit? Is the site slow loading?
Raj, that’s bad news about a WordPress virus, I think I’ve got one!
John
Leamington Spa, England
Hi John, I can not be sure but it is one of the most common issues on shared hosting accounts.
Hello, just wanted to give you a brief heads up and let you know a few of the pictures aren’t loading correctly. I’m not sure why but I think it’s a linking issue. I’ve tried it in two different web browsers and both show the same results.
I’d must check with you here. Which isn’t one thing I usually do! I take pleasure in reading a post that may make people think. Also, thanks for allowing me to comment!
Magnificent goods from you, man. I have understand your stuff previous to and you are just extremely great. I really like what you have acquired here, really like what you are stating and the way in which you say it. You make it entertaining and you still take care of to keep it wise. I can not wait to read far more from you. This is actually a terrific website.
Hey, I simply hopped over for your web page by means of StumbleUpon. Not one thing I might generally read, but I favored your emotions none the less. Thanks for making one thing worth reading.
I believe you have remarked some very interesting points, thanks for the post.
I’ll right away grasp your rss feed as I can’t in finding your email subscription hyperlink or e-newsletter service. Do you have any? Kindly let me know in order that I may just subscribe. Thanks.