WordPress is the world’s most popular publishing platform, with a strong emphasis on usability and support of open web standards. It powers most of the largest content providers as well as millions of personal blogs. Its open source software, available at WordPress.org, can be downloaded to a suitable server and run as a standalone publishing platform, while ordinary users can quickly create personal sites as sub-domains of WordPress.com.
There’s no doubt that the statistics about WordPress are impressive: ~30% of the million most visited sites on the Internet run WordPress; at 52%, it far surpasses its nearest competitor (at a measly 6.3%) for the largest market share of content management systems; it powers 96% of blogging websites worldwide – we could go on and on, but we refer the reader to other sources for more numbers.
But with such numbers come vulnerabilities. Its popularity makes it a conspicuous target for hackers. Not all hacking is in search of personal data or immediate financial gain. WordPress attacks serve as a fertile finishing school for hackers-to-be as well as provide access to resources that can be used for launching other types of attacks, such as search engine optimizations, ad injections, affiliate links, botnet attacks, etc. Consider some examples:
Read the rest of this post »