Can a WordPress Site be Vulnerable?
- December 19, 2016
A WordPress site can be vulnerable to external attacks. Although it is one of the most powerful Content Management Systems of the world, it has been recently discovered that these websites are prone to external threats from hackers. Every day, a large number of WordPress sites get compromised with data making them highly vulnerable to security threats. The vulnerability report comes from WordFence which regularly looks for security vulnerabilities by scrutinizing third party plugins and themes used by this community.
Every site using this platform makes a request every hour to the API servers to check for the latest updates or core WordPress updates. During this process if the server is compromised, then the hackers get access to it and can easily use their own URL to download and install corrupt software to the concerned websites. Further, there is a problem where there is a file upload through api.wordpress.org. The process does not involve any security authentication using a code or captcha.
We have to assume that the problem will persist till the point when WordPress comes up with a feasible solution to solve this problem. In a highly competitive market of CMS technology, it is difficult to control the flow of information which might be compromised during the process of transfer. We have to wait and see whether the guardians of this community take an initiative to safeguard the automatic software upload process through a security check. It will prevent unauthorized access from hackers trying to upload links through api.wordpress.org.