WordPress has become the leading blogging platform and Content Management System (CMS) for users all over the world. Larger firms are now turning to WordPress because of the many benefits and features it provides. However, like every piece of software, it has security vulnerabilities that you should watch out for.

When it launched back in 2003 as an open source project, WordPress formed a community in which thousands of people globally developed it and, in essence, fine-tuned a traditional blogging platform into the leading content management system in use today.

How Secure is your WordPress Installation?

The WordPress community has released over 10 updates in the past year alone, patching vulnerabilities and adding new features. Even with the open source world working tirelessly on WordPress, security issues remain. Its exposure and widespread use have attracted attention from attackers looking to discover the next flaw, and its extensive appeal and customizable features bring a host of ongoing challenges for tightening up WordPress security.

The community does its best to stay on top of the latest exploits by releasing new updates. However, those updates don't always come out fast enough, and even when they are released, not everyone updates their WordPress websites and blogs immediately.

How did you Install WordPress?

Many users have not installed WordPress manually on their server but have instead used Fantastico from their hosting cPanel. One-click installers like Fantastico let you install WordPress in two or three mouse clicks. But is installing WordPress this way the best choice?

If you went the Fantastico route, chances are you did not get the latest WordPress release, because Fantastico does not automatically push out the newest version. Anyone who has used Fantastico knows it takes its time rolling out the latest upgrades of any of the scripts it provides.

So a large percentage of users are being hit by exploits simply because they are running an out-of-date version. Many WordPress users who installed it the easy way do not monitor which version they are running, and some may not even know how to upgrade WordPress to the latest release.
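One concrete check, added here as an example and not code from the original article: read the installed version out of wp-includes/version.php, or out of the generator meta tag WordPress prints into page HTML, and compare it with the current release. The `$wp_version = '...';` line and the generator tag are the real places WordPress records its version; the sample file contents and the "latest" version passed in are constructed for the example, and in practice the reference version comes from WordPress's own update check.

```python
"""Report the installed WordPress version and whether it lags behind a known release.

Added example, not code from the original article. WordPress records its version
in wp-includes/version.php as  $wp_version = '3.0.5';  and, unless a theme removes
it, advertises it in a <meta name="generator"> tag. The "latest" version is passed
in by the caller so the script runs offline.
"""
import os
import re
from typing import Optional, Tuple

# Matches the assignment line in wp-includes/version.php
VERSION_PHP_RE = re.compile(r"\$wp_version\s*=\s*['\"]([^'\"]+)['\"]\s*;")
# Matches the generator tag emitted by wp_head()
GENERATOR_RE = re.compile(
    r"<meta\s+name=[\"']generator[\"']\s+content=[\"']WordPress\s+([0-9][^\"']*)[\"']", re.I
)


def version_from_php(source: str) -> Optional[str]:
    """Extract the version string from the contents of wp-includes/version.php."""
    m = VERSION_PHP_RE.search(source)
    return m.group(1) if m else None


def version_from_html(html: str) -> Optional[str]:
    """Extract the version from a page's generator meta tag (remote fingerprint)."""
    m = GENERATOR_RE.search(html)
    return m.group(1).strip() if m else None


def installed_version(wp_root: str) -> Optional[str]:
    """Read the version from an on-disk WordPress install rooted at wp_root."""
    path = os.path.join(wp_root, "wp-includes", "version.php")
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return version_from_php(fh.read())


def parse_version(version: str) -> Tuple[Tuple[int, ...], int]:
    """Turn '3.0.5' or '3.1-RC1' into a sortable key.

    Missing components count as 0 (3.1 == 3.1.0) and a pre-release suffix
    sorts below the final release of the same number.
    """
    core, _, suffix = version.partition("-")
    parts = [int(p) for p in core.split(".") if p.isdigit()]
    while len(parts) < 3:
        parts.append(0)
    return (tuple(parts), 0 if suffix else 1)


def is_outdated(installed: str, latest: str) -> bool:
    """True when the installed version sorts below the reference release."""
    return parse_version(installed) < parse_version(latest)


def check_install(version_php_source: str, latest: str) -> dict:
    """Summarise one install: installed version, reference version, verdict."""
    installed = version_from_php(version_php_source)
    return {
        "installed": installed,
        "latest": latest,
        "outdated": installed is not None and is_outdated(installed, latest),
    }


# Constructed sample inputs (not taken from any real site) for a stand-alone run.
SAMPLE_VERSION_PHP = """<?php
/**
 * The WordPress version string
 *
 * @global string $wp_version
 */
$wp_version = '3.0.5';
$wp_db_version = 15260;
"""
SAMPLE_HTML = '<html><head><meta name="generator" content="WordPress 3.0.5" /></head></html>'


if __name__ == "__main__":
    # Assumed reference release for the demo; take the real one from the update check.
    print(check_install(SAMPLE_VERSION_PHP, latest="3.1"))
    print("remote fingerprint:", version_from_html(SAMPLE_HTML))
```

On a server, `installed_version('/home/user/public_html')` gives the number to compare against what the WordPress dashboard update notice reports (the same data is served as JSON by https://api.wordpress.org/core/version-check/1.7/ under `offers[].current`). The generator tag is also the first thing an attacker reads when fingerprinting a site, so `version_from_html` shows exactly what your site advertises.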

Is your WordPress Theme Secure?

One of the biggest attractions of WordPress is the huge number of free themes released online every day for people to download and install on their blogs and websites. That does not even count the many cracked copies of commercial themes circulating on the internet, which are frequently laced with malware.

Today, as more people look for free solutions, they expose themselves to attackers through multiple avenues. Installing a WordPress theme takes only seconds and can be done directly from the WordPress administration panel, without downloading a file and uploading it by FTP. The downside is that many people never see the files being written to their server, so any malware bundled with the theme goes unnoticed. The drive to avoid paying for cleanly coded themes has created an easy method for even the newest attacker to gain access to a website through a free theme.

Certainly there are steps that reduce this risk – obtaining themes from reputable, well-known theme sites, checking online what experiences other people have had with a specific theme, and so on – but that in itself is not enough. Having proper WordPress security measures in place is obviously the right call.
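Reputation checks do not tell you what a theme's PHP actually does. The following triage pass is an added example, not code from the original article or from any theme vendor: it walks a theme's files and flags the constructs that typically betray a backdoored or cracked theme (obfuscated `eval`, shell execution, the `preg_replace` `/e` modifier, remote includes, long base64 blobs and hidden outbound links), reporting file, line and rule. The rule set and the sample theme files are constructed for the example; it is a quick check to run before activating a download, not a substitute for a full scan.

```python
"""Flag constructs that commonly appear in backdoored or cracked WordPress themes.

Added example, not code from the original article. It is a static triage pass,
not a full malware scanner: it greps theme PHP/HTML for obfuscated eval, command
execution, the preg_replace /e modifier, remote includes, long base64 blobs and
hidden outbound links, and reports file, line number and rule. The sample theme
files at the bottom are constructed for this example.
"""
import os
import re
from typing import Dict, List, Tuple

Finding = Tuple[str, int, str, str]  # (file, line number, rule, offending line)

RULES = [
    ("obfuscated eval",
     re.compile(r"\b(eval|assert)\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13|strrev)\s*\(", re.I)),
    ("eval of request data",
     re.compile(r"\b(eval|assert)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)\b", re.I)),
    ("command execution",
     re.compile(r"\b(system|exec|passthru|shell_exec|popen|proc_open)\s*\(", re.I)),
    ("remote include",
     re.compile(r"\b(include|require)(_once)?\s*\(?\s*['\"]https?://", re.I)),
    ("long base64 blob",
     re.compile(r"['\"][A-Za-z0-9+/]{200,}={0,2}['\"]")),
    ("hidden link",
     re.compile(r"display\s*:\s*none[^>]*>\s*<a\s", re.I)),
]

# First string argument of preg_replace(): delimiter, pattern, modifiers
PREG_REPLACE_RE = re.compile(r"preg_replace\s*\(\s*(['\"])(.+?)\1", re.I)


def has_e_modifier(pattern: str) -> bool:
    """True if a PCRE pattern string like '/.*/e' carries the /e (eval) modifier."""
    if len(pattern) < 2:
        return False
    delim = pattern[0]
    closing = {"(": ")", "[": "]", "{": "}", "<": ">"}.get(delim, delim)
    end = pattern.rfind(closing)
    if end <= 0:
        return False
    return "e" in pattern[end + 1:]


def scan_source(name: str, source: str) -> List[Finding]:
    """Apply every rule to each line of one file and collect the hits."""
    findings: List[Finding] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for rule, regex in RULES:
            if regex.search(line):
                findings.append((name, lineno, rule, line.strip()))
        for m in PREG_REPLACE_RE.finditer(line):
            if has_e_modifier(m.group(2)):
                findings.append((name, lineno, "preg_replace /e modifier", line.strip()))
    return findings


def scan_theme(files: Dict[str, str]) -> List[Finding]:
    """Scan an in-memory theme given as {relative path: contents}."""
    findings: List[Finding] = []
    for name in sorted(files):
        findings.extend(scan_source(name, files[name]))
    return findings


def scan_directory(root: str) -> List[Finding]:
    """Scan every .php file under a theme directory on disk."""
    files: Dict[str, str] = {}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            if fn.lower().endswith(".php"):
                path = os.path.join(dirpath, fn)
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    files[os.path.relpath(path, root)] = fh.read()
    return scan_theme(files)


# Constructed sample theme: one clean file, two files carrying typical payloads.
SAMPLE_THEME = {
    "header.php": "<!DOCTYPE html>\n<html>\n<head>\n<?php wp_head(); ?>\n</head>\n",
    "functions.php": (
        "<?php\n"
        "add_theme_support('post-thumbnails');\n"
        # the base64 here decodes to  echo "hi";  a real backdoor hides a web shell
        "eval(base64_decode('ZWNobyAiaGkiOw=='));\n"
        "preg_replace('/.*/e', $_POST['x'], '');\n"
    ),
    "footer.php": (
        "<?php wp_footer(); ?>\n"
        '<div style="display:none"><a href="http://example.com/">sponsored</a></div>\n'
        "</body></html>\n"
    ),
}


if __name__ == "__main__":
    for f, n, rule, text in scan_theme(SAMPLE_THEME):
        print(f"{f}:{n}: {rule}: {text}")
```

Run `scan_directory('/path/to/wp-content/themes/downloaded-theme')` on the unpacked archive before activating it; anything it flags deserves a manual look, and a theme with no legitimate reason to call `eval` or `system` should not be installed at all. The rules are deliberately broad, so expect the occasional false positive from a legitimate theme and review the reported line rather than trusting the rule name alone.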

We will be releasing the concluding part of this WordPress Security article next Monday, 11th April 2011.


Acunetix developers and tech agents regularly contribute to the blog. All the Acunetix developers come with years of experience in the web security sphere.