Coffee Talk: Internet Journal

WordPress Security

Issues and solutions for the WordPress blogging platform.

| Platform  | 2005 | 2006 | 2007 | 2008 |
|-----------|------|------|------|------|
| WordPress | 11   | 18   | 49   | 34   |
| Joomla    | 4    | 28   | 31   | 12   |
| Drupal    | 6    | 17   | 16   | 8    |

Graph showing vulnerability incidents for WordPress as compared to other popular installable blogging platforms: Joomla and Drupal.

WordPress Self Defense Course

To keep your WordPress blog safe:

1. Update WordPress.
2. Update your WordPress Theme.
3. Update WordPress Plugins.
4. Monitor WordPress news sources for alerts about security vulnerabilities and upgrades, such as WordPress Wednesday news on the Blog Herald, WordPress Planet (official WordPress aggregator), the WordPress Development Blog, and Weblog Tools Collection.

Always keep a backup copy of the latest version of WordPress, your WordPress Theme, your WordPress Plugins, a full backup of your WordPress database, and copies of all the images and files on your host server. If something does happen, you may need these backups to restore your blog. We also advise you to keep a full local backup in case the remote files become corrupted or compromised, so that you don't have to go through them file by file and line by line looking for manipulated code in customized modules or templates.

Unwanted Links: Signs of Manipulation and Attack

- Install and run the WP Scanner WordPress Plugin from Blog Security.
- In Firefox, go to Tools > Page Info > Links (not available in Firefox 3 Beta) and check each link to ensure you put it there and it goes to sources you trust. Manually view the page source code of your blog (View > Page Source) and check to ensure each link belongs.
- Examine your WordPress Theme template files, especially the header.php and footer.php for unwanted content and links.
- Check random posts on your blog for unwanted content and links. Edit these through the Administration Panels to remove the unwanted content from the database.
- Search your template files, stylesheets, and database for "display:none" or "height:0", as these are common styles used to hide unwanted content and links.
- Silpstream’s WP-phpMyAdmin WordPress Plugin can also help with searching the database directly from your WordPress blog.
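
The search for hidden-content styles described in the list above can be scripted against a local copy of your theme files. The following is an added example, not code from the original article or from any WordPress plugin; the function names, the two-line link window, and the sample footer are assumptions made for illustration.

```python
import re
from pathlib import Path

# Styles the article names as common ways to hide injected content.
# The lookbehind skips line-height/min-height; the lookahead skips 0.5, 05.
HIDING = re.compile(r"display\s*:\s*none|(?<![\w-])height\s*:\s*0(?![\d.])", re.I)
HREF = re.compile(r"<a\s[^>]*?href\s*=\s*[\"']?([^\"'\s>]+)", re.I)

def scan_text(text, window=2):
    """Return (line_no, style, links) for each hiding style found; links are
    the hrefs on that line or the next `window` lines."""
    lines = text.splitlines()
    findings = []
    for i, line in enumerate(lines):
        m = HIDING.search(line)
        if m:
            nearby = "\n".join(lines[i:i + 1 + window])
            findings.append((i + 1, m.group(0), HREF.findall(nearby)))
    return findings

def scan_tree(root, suffixes=(".php", ".css", ".html", ".js")):
    """Scan a local copy of a theme directory; hits with links sort first."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            text = path.read_text(encoding="utf-8", errors="replace")
            hits += [(str(path), *f) for f in scan_text(text)]
    return sorted(hits, key=lambda h: not h[3])

# Constructed sample footer.php, not taken from a real site.
SAMPLE_FOOTER = """<div id="footer">
<p style="line-height:0.5em">Powered by WordPress</p>
<div style="display:none">
<a href="http://spam.example/pills">cheap pills</a>
</div>
<span style="height: 0; overflow:hidden"><a href="http://spam.example/loans">loans</a></span>
</div>"""

if __name__ == "__main__":
    for line_no, style, links in scan_text(SAMPLE_FOOTER):
        print(f"line {line_no}: {style!r} links={links}")
```

Legitimate themes also use display:none (for drop-down menus, for example), so every hit needs a manual look; the ones with links attached are the place to start.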

WordPress Security Statistics

[Figure: WordPress security and vulnerabilities by year. Total vulnerabilities by incident reported by year: 2004, 2005, 2006, 2007, 2008.]

[Figure: WordPress security by percentage. Total vulnerabilities in percentage reported by year: 2004, 2005, 2006, 2007, 2008.]

[Figure: WordPress security 2005 - 2008.]

References:
The United States Computer Emergency Readiness Team (US-CERT)
NVD, the U.S. government repository of standards-based vulnerability management data: http://web.nvd.nist.gov/view/vuln/statistics?execution=e1s1
