At the start of this report into WordPress security, we listed three main objectives, which were: To provide an explanation of how WordPress sites are often compromised and why. This will be based on real data gathered from the Defiant
Part 7 – Hardening and keeping WordPress Sites Secure
What is required to build secure WordPress websites and how to ensure they stay secure. There are a number of considerations that need to be taken into account when first developing a secure WordPress site, however a good starting point
Part 6 – The Importance of Responsible Disclosure
This section of the report looks at the importance of responsible disclosure. I do this by carrying out an analysis of Wordfence attack data following the responsible disclosure of vulnerabilities in two WordPress plugins, and comparing this to attack data
Part 5 – Providing Customers with a Clean WordPress site
As mentioned in the introduction, I am a Senior Security Analyst in the Wordfence Security Services Team (SST). The SST is a group of security analysts responsible for cleaning compromised websites and performing security audits on WordPress websites. Wordfence already
Part 4 – OWASP Top 10 Vulnerabilities Affecting WordPress Applications
The following is an analysis of how WordPress applications can be impacted by each of the OWASP Top 10 vulnerabilities discussed in the previous section. Much of the following research originates from work carried out by the Wordfence team, as
Part 3 – The OWASP Top 10 Web Application Vulnerabilities
OWASP (The Open Web Application Security Project) describe themselves as a “worldwide not-for-profit charitable organization focused on improving the security of software” . They run a number of projects related to web application security, however the project they are best known for
Part 2 – Content Management System – A Background
In this section we are going to provide a Background to Content Management Systems with a look at what a Content Management System is and then go on to look at specific options for Web Content Management Systems available today.
Part 1 – Content Management Systems and WordPress
Introduction to Content Management Systems and WordPress I decided to write about Content Management Systems and WordPress after seeing the damage that irresponsible disclosure can have on website owners globally. WordPress is the most popular Content Management System (CMS) in
WordPress Security and the Importance of Doing the Right Thing
I recently completed a Master degree in Information Security at Royal Holloway, University of London. My dissertation was on the importance of responsible disclosure of vulnerabilites, so I’m going to start with a few posts on that subject. I’ll hopefully