WordPress security is becoming a growing problem. The authors at How-To-Blog.TV know from firsthand experience that the more successful you are with your blog, the more your blog becomes a target of hackers who look for security vulnerabilities in the WordPress platform. Why are hackers interested in your blog? In our experience we’ve seen motivation range from simple website defacing to complex search engine optimization schemes that steal the “link juice” from your site to promote criminal activities on the web.
Why is security such a problem with WordPress blogs? First, WordPress isn’t the real problem. The contributors to WordPress put a lot of man-hours into ensuring that the software is free of security flaws. However, the platform isn’t perfect, and it is dependent on two other components that fall outside of the control of the platform code base: hosting and plugins.
The first challenge for WordPress security is hosting. In working with private security consultants, we have seen firsthand that the majority of shared hosting providers have a laundry list of security vulnerabilities. These security vulnerabilities include older versions of Apache that have known exploits, default settings in the LAMP stack that are vulnerable to security exploits, and a lack of security monitoring systems in their overall infrastructure.
The second challenge for security is security exploits in third-party plugins. Many WordPress plugins allow both administrators and end users to interact with them. This includes activities such as uploading information (e.g. forms plugins) and interacting with the base WordPress modules. Hackers know this and are constantly looking to exploit security vulnerabilities in plugins.
Though we are not security experts, the authors at How-To-Blog.TV are committed to sharing WordPress security information with other bloggers to help combat this growing problem on the Internet. We are committed to the following in the area of WordPress security:
- Provide regular posts and animated episodes with information about blog security that anyone can understand.
- Explore and review security monitoring services that can help bloggers secure their blogs.
- Develop WP-MalWatch, a security monitoring plugin designed to scan your blog for simple signs that a hacker is at work.
We invite you to participate in our quest for a more secure blogosphere. If you would like to be a guest author in this space or contribute to a module of WP-MalWatch, please contact us at info [AT] how-to-blog.tv.