WordPress Security / Pentest / Routines
In 2020, it is no longer possible to leave a WordPress site unmaintained.

Client: Oh, many!

Year: 2015+

Work: Backend / Security, Sysadmin

Platform: LAMP/LEMP, WordPress

Via ThreatPost, 9 January ‘19:

Vulnerabilities in popular content management system (CMS) WordPress are growing at a rapid rate, up 30 percent in 2018, according to new research released Wednesday by Imperva.

The overall number of new vulnerabilities in web apps in 2018 (17,142) soared upwards by 21 percent compared to 2017 (14,082).

Third of the known web application vulnerabilities don’t even have any available solution, including a workaround or patch.

“Despite the common belief that all our smart electronic devices can be easily compromised, it appears that this area is not targeted as strongly anymore,” researchers said. “Possible explanations include: IoT vendors have finally started to implement better security in IoT devices, or hackers and researchers found an area to focus on where it takes less effort to profit from an exploit.”

Data about WordPress attacks show it is not reasonable in 2020 to leave a WordPress site unmaintained. You won’t get near-zero cost maintenance for WordPress anymore, content management systems and web publishing in general has gotten far too indispensable for that.



Other Work