WordPress Blog Claims WordPress Is The Riskiest Web Software?

Filed as Editorial on January 5, 2011 1:14 am

While it’s not surprising to hear about WordPress being insecure from users of rival platforms (as a few of my Movable Type friends will tell me), it’s odd to hear the statement from a company using it to power their blog.

Trend Micro (an anti-virus company) put out a list of risky software or sites which included Mac OS X, Facebook, Google and yes, even WordPress.

The riskiest software used by websites in 2010 was the popular blogging platform WordPress. Tens of thousands of unpatched WordPress blogs were used by cybercriminals for various schemes, primarily as part of redirection chains that led to various malware attacks or other blackhat search engine optimization (SEO)-related schemes. (Trend Micro Blog)

Note: Emphasis in bold is mine.

Blaming WordPress’s security woes on unpatched blogs makes as much sense as blaming an architect for building an insecure house despite the fact that the home owner refuses to lock their doors.

Users choosing to self host their blogs outside the walls of WordPress.com are ultimately responsible for their own security, updates, etc., although Automattic (the company behind WP.com) is trying to remedy this problem via VaultPress.

While choosing a secure host can go a long way towards ensuring that your blog doesn’t fall prey to hackers, making sure your WordPress blog is updated to the latest version (via the one click update button) is one of the best ways to secure your blog.

Patches aside, as far as Trend Micro’s assessment goes, the reason WordPress receives far more attacks than its rivals is probably best summed up by Jeff Chandler of Weblog Tools Collection:

If Trend Micro wanted to give their statement validity, they would have explained that WordPress is the most popular publishing platform in use across the web and because of that large market share, it is a big target for malicious users.

If Trend Micro feels that WordPress is insecure, they might want to consider switching to an alternative platform before denouncing the software publicly.




  1. By givejonadollar posted on January 5, 2011 at 1:33 pm

    Man, I need some good news. I was just thinking about switching to WordPress. I’ve used Blogger for my blogs for over 3 years but things are getting more and more problematic.

    Obviously, security is as good as its weakest link, but with the amount of work us bloggers put into these things, it would be nice to have less to worry about on that end.

    Hopefully, Vaultpress will answer some of these foibles.


  2. By Mike T posted on January 5, 2011 at 5:01 pm

    Blaming WordPress’s security woes on unpatched blogs makes as much sense as blaming an architect for building an insecure house despite the fact that the home owner refuses to lock their doors.

    Bad metaphor. The security problem is directly caused by the builder in this case. The reason it’s still a problem is that the owner hasn’t seen fit to address it yet. The security hole is the fault of the WordPress team. The fact that the blog is unpatched is the user’s fault.


  3. By greg urbano posted on January 6, 2011 at 11:21 am

    One of the features I love about WordPress is the one-touch updating. I get notified and I update, simple as that!


  4. By John McNally posted on January 6, 2011 at 8:43 pm

    Like greg, I used to like the one click WordPress updating, unfortunately I haven’t been able to do this for almost 12 months. I have a glitch somewhere, that occurred when I transferred my blog to a different hosting company. I now have to update manually via FileZilla FTP.

    If other blogs have the same problem, I can understand the security loophole.

    John
    Leamington Spa, England


  5. By franky posted on January 7, 2011 at 8:14 am

    John and Greg, check the PHP Memory limit set by your hoster. I would guess that your settings are 32MB, please increase this via wp-config.php to 64MB.


  6. By Raj posted on January 7, 2011 at 1:01 pm

    WordPress, once affected by a virus, is a real mess to clean.


  7. By John McNally posted on January 8, 2011 at 10:38 pm

    Thanks for the tip Franky, how do you know I need to change the PHP memory limit? Is the site slow loading?

    Raj, that’s bad news about a WordPress virus, I think I’ve got one!

    John
    Leamington Spa, England


  8. By free software posted on August 20, 2012 at 11:59 pm

    I was extremely pleased to discover this website. I need to thank you for your time for this particularly wonderful read!! I definitely liked every bit of it and I also have you book-marked to look at new things on your website.
