WordPress VulnerabilitiesDid you know that if a system has an IP address or a URL, then it’s fair game for attack from a hacker? That’s been the universal law and it always will be. So why is it that WordPress security and WordPress vulnerabilities seem to make the headlines so often? After all, if you’ve got an IP or a URL, attacks are to be expected.

The answer is simple. WordPress is the most popular CMS (Content Management System) in the world and so journalists jump all over the news of a new “WordPress Vulnerability” or “WordPress Security Threat.” WordPress vulnerabilities are common – not because Matt Mullenweg and the rest of the WordPress team aren’t savvy when it comes to website security, but because hackers are hurling their attacks at WordPress each and every day.  Once a WordPress vulnerability has been found, hackers exploit it – normally by spreading malware. Depending on how successful the hacker is, they can infiltrate the millions of WordPress websites with malware.

Like what Microsoft has experienced with Windows over the years, and even more recently with Adobe and Java-related flaws, WordPress is the 800 pound gorilla that’s pervasive worldwide so that’s what the criminals are going to target. Let’s face it, WordPress is the celebrity and the hackers are the paparazzi.

On top of the fact that WordPress drives a large percentage of websites, it’s being downloaded, implemented and used by people who aren’t necessarily IT or security professionals. It’s everyday people who aren’t aware of what can happen and what there is to lose when a new WordPress vulnerability hits town. WordPress is fairly simple to use and therein lies the problem. It’s powerful and extensible but that facilitates complexity, security flaws and subsequent attacks.

No web platform – no computer for that matter – is perfectly secure. As with practically all security-related problems, as long as people are involved, WordPress vulnerabilities will prevail. Many people want someone else to fix all the ills of the world, but in this case, it’s ultimately up to us – the users – to ensure our websites stay locked down and in check and avoid any WordPress issues. The incentive to make this happen is there for no one else other than you.

Right then. We’ve seen how why WordPress vulnerabilities occur, but how can we deal with them and make sure they don’t do any harm to our websites and blogs? Generally speaking, fixing the vulnerabilities is an easy task, finding them is the real problem. Acunetix can easily and automatically uncover your WordPress security issues. Start your 14-day trial today.


Acunetix developers and tech agents regularly contribute to the blog. All the Acunetix developers come with years of experience in the web security sphere.