Author: gilesw

At the start of this report into WordPress security, we listed three main objectives, which were: To provide an explanation of how WordPress sites are often compromised and why. This will be based on real data gathered from the Defiant

What is required to build secure WordPress websites and how to ensure they stay secure. There are a number of considerations that need to be taken into account when first developing a secure WordPress site, however a good starting point

This section of the report looks at the importance of responsible disclosure. I do this by carrying out an analysis of Wordfence attack data following the responsible disclosure of vulnerabilities in two WordPress plugins, and comparing this to attack data

As mentioned in the introduction, I am a Senior Security Analyst in the Wordfence Security Services Team (SST). The SST is a group of security analysts responsible for cleaning compromised websites and performing security audits on WordPress websites. Wordfence already

The following is an analysis of how WordPress applications can be impacted by each of the OWASP Top 10 vulnerabilities discussed in the previous section. Much of the following research originates from work carried out by the Wordfence team, as

OWASP (The Open Web Application Security Project) describe themselves as a “worldwide not-for-profit charitable organization focused on improving the security of software” . They run a number of projects related to web application security, however the project they are best known for

In this section we are going to provide a Background to Content Management Systems with a look at what a Content Management System is and then go on to look at specific options for Web Content Management Systems available today.