February 13, 2018

The Perils of WordPress Security

No code base can be guaranteed to be 100% bug-free. While programmers should aim to write code and software that is bug-free, it’s inevitable that bugs will fly in from time to time. When they do pop up, the response can vary depending on the nature of the issue. I came across an article recently that brought to light a bug in the wildly popular WordPress product. Their response was subpar in my opinion, especially considering their targeted user base.

I don’t want to go into massive detail about the vulnerability, as that can be read from a variety of sources. In short, it’s super easy to DoS a WordPress site. In layman’s terms, this means overwhelming the site to the point it can no longer respond. At this point your site is down until the attack is mitigated or the hacker stops the attack. The individual who identified the issue notified WordPress of the problem. WordPress then took a hands-off response. They claimed DoS attacks were outside of their scope and should be handled at the network or server level. While this does hold some truth, the attack is based on exploiting the code itself. The individual who reported the issue then proved the code could be easily updated to prevent the attack.

The issue with the response in this particular case is just as the author of the article states: the majority of WordPress users have no knowledge of web servers, firewalls, or other network-related topics. A very high number of users run WordPress on the cheapest shared hosting they can find. They do not have the knowledge or resources to prevent the issue at the network level. They are totally at the mercy of WordPress to patch the code base, which in this case they claimed was not necessary. So these users were left out in the cold, with no jacket!

Issues like this are what we help our clients with at E-dreamz every day. With our Echo platform, you never have to worry about issues like this. We take care of things for you, while you are left to focus on your business. Contact us today to see how we can help you and your business.

By: Mike Fleming

Chief Technology Officer