Matthias Rebbe wrote:

> One problem i see with WordPress is, that its popularity make it a
> popular target for hackers.

Any sufficiently popular system will be *targeted* by hackers. The question is: how many result in a successful exploit?

Aiming for a target and actually hitting it are usually very different metrics.

I subscribe to a few security newsletters (I've found O'Reilly's particularly worthwhile), and CVEs against WP seem reasonably rare the days, with quickly deployed updates to counter them. I see CVEs against every OS far more regularly. While there was a spate of PHP issues just after the turn of the century, in recent years we don't even see much there, probably far fewer than for JavaScript which affects many more people (every web browser).

Popularity may guide hacks, but with WP it's also a very strong plus: the ecosystem of plugins and themes is vast. And even on the security side, its popularity is useful by providing more eyeballs reviewing and fixing code.

Overall, I'd say WP is no less safe than just about any alternative, provided you do the basic stuff any system requires: automate security updates, use only the latest release version, use strong and unique passwords, always use HTTPS (Let's Encypt now makes that both free and automatable), etc.

Ass we've seen with most exploits, those involving WP sites were usually running outdated versions, or had weak passwords, or some other easily-avoidable weakness unrelated to the system itself.

 Richard Gaskin
 Fourth World Systems
 Software Design and Development for the Desktop, Mobile, and the Web

use-livecode mailing list
Please visit this url to subscribe, unsubscribe and manage your subscription 

Reply via email to