![]() WordPress is a free and open source content management system (CMS). Site developers and administrators should pay particular attention to the correct use of core APIs and underlying server configuration which have been the source of common vulnerabilities, as well as ensuring all users employ strong passwords to access WordPress. ![]() The WordPress Security Team, in collaboration with the WordPress Core Leadership Team and backed by the WordPress global community, works to identify and resolve security issues in the core software available for distribution and installation at, as well as recommending and documenting security best practices for third-party plugin and theme authors. Since its inception in 2003, WordPress has undergone continual hardening so its core software can address and mitigate common security threats, including the Top 10 list identified by The Open Web Application Security Project (OWASP) as common security vulnerabilities, which are discussed in this document. WordPress’ usability, extensibility, and mature development community make it a popular and secure choice for websites of all sizes. It currently powers more than 43% of the top 10 million websites on the Internet. WordPress is a dynamic open-source content management system which is used to power millions of websites, web applications, and blogs. It is strongly encouraged to always be running the latest stable version of WordPress to ensure the most secure experience possible. Specific security measures and changes will be noted as they have been added to the core software in specific releases. The information in this document is up-to-date for the latest stable release of the software, WordPress 4.7 at time of publication, but should be considered relevant also to the most recent versions of the software as backwards compatibility is a strong focus for the WordPress development team. Decision makers evaluating WordPress as a content management system or web application framework should use this document in their analysis and decision-making, and for developers to refer to it to familiarize themselves with the security components and best practices of the software. This document is an analysis and explanation of the WordPress core software development and its related security processes, as well as an examination of the inherent security built directly into the software. Learn more about WordPress core software security in this free white paper. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |