Security threat discovered in WordPress
Late last night, a zero-day threat (a hole in software) was found that allows hackers to insert malicious scripts into WordPress sites via the comments.
One of the serious issues with WordPress (and other open source software) is, in fact, its vulnerability as a platform with regard to security. Since 2004, there have been 996 software vulnerabilities found on WordPress. Users must manually update their version of WordPress (and many don’t, leaving them open to further attacks), or set their systems to automatically update. And this is only after these vulnerabilities have been discovered and patched. (29/04/15 UPDATE: This only relates to WordPress.org sites, not WordPress.com - the WordPress.com team handles the security, backup, and hosting, much like Core dna).
Last week, Core dna (our content management system, and platform of choice) stopped 1 million threats. It updates all systems automatically and at the same time, so that its users are offered the highest-possible level of protection and security. There is a team that concentrates entirely on Core dna, and they are the only ones who have access to the source code. This sort of controlled environment is a far cry from the open-source software of WordPress, where users all around the world work on the CMS without a true common direction or peer-reviewed code base.
This latest threat affected users of WordPress 4.2 (as well as previous iterations) who have comments enabled. Worldwide, WordPress.org serves as the CMS (content management system) for about 37 million people. While a patch is being worked on, the advice is simply for administrators to disable comments in order to prevent the site being hacked. (UPDATE: A critical security patch has now been released).
While no platform is invulnerable, the fact is that WordPress has revealed two zero-day threats this week alone, while Core dna has not had a zero-day threat this year. Isn’t it time that you got peace of mind? Call us on 1300 750 262.