WordPress: the biggest risk is our users

The WordPress security team's biggest battle is not against hackers but against its users themselves.

Millions of them continue to run websites on older versions of the WordPress CMS, which often fail to protect the core, plugins and themes.

Speaking at the DerbyCon cyber security conference earlier this month, Aaron Campbell of the WordPress Security Team gave the public a picture of how WordPress has been dealing with this issue in recent years.

He described the process as a shift in focus: instead of keeping the software safe with bug fixes, the WordPress team decided to focus on keeping users safe, through the software as well as through their actions.

"The first thing we learned was that users are more important than software," Campbell told the audience.

The main issue is that millions of users are still using older versions of WordPress for their pages. Older versions are technically secure, but they face more risks than the most recent versions.
So, after big internal discussions, the WordPress team decided to support these earlier versions because many users still use them. The decision also has its drawbacks, as installations with five-year-old security holes have to be supported.

As a security team this is very difficult (the backport patching process).
We are trying to find ways to upgrade these versions automatically without spoiling the web pages, trying to effectively get rid of them from the internet.

One of the ways the WordPress team does this is automatic updates, via a mechanism released with WordPress 3.7 in 2013.

Automatic updates are enabled by default for all new installations, and appear to help keep installations on recent releases.
The WordPress team also created a notice that appears in the WordPress dashboard when users are running older versions of PHP.

Campbell also mentioned that the WordPress team works with the developers of the most popular plugins, and this has paid off tremendously, as smaller plugins have begun to follow (or steal) the coding techniques used by larger projects.

So indirectly security has increased in almost all plugins.

____________________

iGuRu.gr The Best Technology Site in Greece

Written by giorgos