Eight Steps to Eliminating Security Risks in WordPress

 
 
By Sean M. Kerner  |  Posted 2014-08-04

The open-source WordPress blog and content management system platform is widely deployed around the world and powers some of the most popular sites on the Internet. WordPress' popularity has also made it a target for attackers.

WordPress is deployed in one of two ways, and the choice affects what steps users should take to secure themselves. Users can directly set up and host a site with the WordPress.com service. In that scenario, much of the heavy lifting for ensuring secure configuration and server platforms is done by WordPress.com. The other scenario is the self-hosted one, in which users set up their own WordPress sites with code that is freely available under an open-source license from WordPress.org. For self-hosted WordPress users, the security challenge is more involved and requires that users take proactive steps to reduce risk.

In multiple incidents in the last year, self-hosted WordPress sites were attacked and leveraged as a basis for attacks against others. In March, the pingback URL tracking feature in WordPress was abused in a widespread attack. In June, attackers took advantage of flaws in the Timthumb image-processing library plug-in. Here are guidelines to help users limit security risks in WordPress.

 
 
 
 
 
 
 
 
 
 
 
 
 
 
























 
 
 
 
 
 
 
 
 