Many companies operate under the assumption that their WordPress sites are secure -- and that couldn't be anything further from the truth.

Steve Zurier, Contributing Writer, Dark Reading

January 21, 2021

8 Slides

WordPress sites account for more than one-third of all websites on the Internet, including some of the most highly trafficked sites and numerous e-commerce sites. So it stands to reason that companies would spend a lot of time and resources on protecting site security, right?

Unfortunately, says Ted Harrington, executive partner at Independent Security Evaluators (ISE), too many organizations believe that because WordPress runs on open source, it's innately secure.

"The assumptions many people have is that because it's open source, the best ethical hackers will work to find security vulnerabilities and we don't need to focus on security," Harrington says. "The truth is we still need defense in-depth and can't assume that WordPress is secure."

Indeed, over the past year, critical vulnerabilities were discovered that impacted more than 1.5 million WordPress sites and were often linked to one of the 50,000-plus plug-ins that enhance WordPress functionality, adds Timothy Chiu, vice president of marketing at K2 Cyber Security. 

"Security vulnerabilities continue to be discovered," says Chiu. "Each new vulnerability is a good reminder that plug-ins can affect your site's overall security."

Armed with the seven tips that follow, WordPress administrators and security teams will have the basics they need to lock down their sites. Read on.

About the Author(s)

Steve Zurier

Contributing Writer, Dark Reading

Steve Zurier has more than 30 years of journalism and publishing experience and has covered networking, security, and IT as a writer and editor since 1992. Steve is based in Columbia, Md.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights