views: 178
answers: 2

Hi.

Does anyone know how secure Wordpress is? I have no clue how to define "how secure". But compared to other CMS systems, how secure is it?

Update:

To elaborate a bit on my project. I'm gonna have a lot of users registering. Once logged in, they will have access to plugins which I'm developing. In about 6 months I will also offer paid services - I'm thinking PayPal. All sensitive details will be handled on PayPal's https.

+1  A: 

It partially depends on your threat model. If you want to run your own blog - it's fine, just stay on top of upgrades. If you're securing patient data, no it's not secure. A lot of people bash it, but there haven't been any big security holes in WP proper for a bit, to my knowledge. It's plugins and misconfigurations.

You're going to be a target for people doing drive-by hacking, using one exploit on thousands of sites trying to drop in spam. That's why it's important to stay on top of updates. But overall, it's fine for personal, or even corporate use. I'd recommend it over trying to roll your own, for sure.

There are ways to increase its security:

  • lock down parts you don't need/use like xml-rpc
  • stay on top of updates
  • don't use plugins
Tom Ritter
:) I have no plans on storing patient data or credit card numbers. But I will have quite a few users registering. I would assume that plugins are fairly safe as long as one can study the code? (Not that I'm good at that....) Currently I'm using quite a few plugins.
Steven
+1  A: 

I don't really know how to define how secure it is, but I can tell you a few things about it that should help you make up your mind.

By default Wordpress does not secure logins, so usernames and passwords are passed in cleartext. And most people use Wordpress like that.

That said, since version 2.6, you can force logins to be under SSL by adding this to your wp-config.php:

define('FORCE_SSL_LOGIN', true);

You can also opt for forcing SSL for all administrative tasks by using:

define('FORCE_SSL_ADMIN', true);

That should make it pretty good. And regardless of the version you are using, you can always force SSL for admin with mod_rewrite:

RewriteCond %{HTTPS} off
RewriteRule ^/wp-admin/(.*) https://myblog.com/wp-admin/$1 [R=301,L]

And, if you need a different folder for the SSL part:

RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/wp-admin/
RewriteRule ^/(.*) http://myblog.com/$1 [R=301,QSA,L]

That would force everything under wp-admin to work under SSL and everything else would be forced to "regular" HTTP.

Another thing to consider is MySQL. If your blog communicates with MySQL over the Internet, you have one more thing to worry about. Most setups have MySQL inside a secure network, though. Even better if MySQL runs on the same machine as the web server, so you can communicate without relying on TCP/IP at all.

Roberto Teixeira
Hmm... I've read that using https demands a lot from the server. And one should only use it for the parts of the site which demand extra security. So I don't think using it on the entire admin section would be such a good idea?
Steven
Sure, that's why Wordpress has the FORCE_SSL_LOGIN option, so that only the login is forced through SSL. On the other hand, the admin part of Wordpress has a great deal of cookie stuff going back and forth, so SSL is not that bad an idea there either.
Roberto Teixeira
hmm.... and I think the system needs a few hundred concurrent users simultaneously performing load demanding services in order to slow down the server?
Steven
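The two points in Roberto Teixeira's answer above (whether logins and admin sessions are forced onto SSL, and whether MySQL is reached over the network) can be checked mechanically from wp-config.php. The following is an added example, not code from the answer or from WordPress: it parses the `define()` lines of a wp-config.php and reports the cleartext-login and remote-database conditions the answer describes. The two config strings are constructed samples, and the helper names (`parse_defines`, `audit`) are this example's own.

```python
import re

# Constructed sample: FORCE_SSL_LOGIN set, FORCE_SSL_ADMIN commented out,
# MySQL reached over the network.
SAMPLE_WP_CONFIG = """<?php
define('DB_NAME', 'blog');
define('DB_USER', 'bloguser');
define('DB_PASSWORD', 'example-password');
define('DB_HOST', 'db.example.net');
define('FORCE_SSL_LOGIN', true);
// define('FORCE_SSL_ADMIN', true);
$table_prefix = 'wp_';
"""

# Constructed sample of the hardened layout the answer recommends.
HARDENED_WP_CONFIG = """<?php
define('DB_NAME', 'blog');
define('DB_USER', 'bloguser');
define('DB_PASSWORD', 'example-password');
define('DB_HOST', 'localhost');
define('FORCE_SSL_ADMIN', true);
"""

# Matches one define('NAME', value); statement on a single line.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"](?P<name>[A-Z_]+)['"]\s*,\s*(?P<value>[^)]+?)\s*\)\s*;"""
)


def parse_defines(source: str) -> dict:
    """Return {constant: raw PHP value} for define() calls that are not commented out."""
    result = {}
    for line in source.splitlines():
        stripped = line.lstrip()
        # A commented-out define() has no effect, so it must not count as set.
        if stripped.startswith(("//", "#", "/*", "*")):
            continue
        m = DEFINE_RE.match(line)
        if m:
            result[m.group("name")] = m.group("value")
    return result


def is_true(raw) -> bool:
    """Interpret the raw PHP value of a boolean constant."""
    return raw is not None and raw.strip().lower() in ("true", "1")


def db_host_is_local(host: str) -> bool:
    """'localhost' (socket), an explicit socket path, or a loopback address."""
    return (
        host == "localhost"
        or host.startswith("localhost:/")
        or host.startswith("/")
        or host.split(":")[0] in ("127.0.0.1", "::1")
    )


def audit(source: str) -> list:
    """Return a list of findings (empty when both conditions are satisfied)."""
    defines = parse_defines(source)
    findings = []

    ssl_login = is_true(defines.get("FORCE_SSL_LOGIN"))
    ssl_admin = is_true(defines.get("FORCE_SSL_ADMIN"))
    if ssl_admin:
        pass  # FORCE_SSL_ADMIN covers the login form as well as the admin pages
    elif ssl_login:
        findings.append(
            "FORCE_SSL_LOGIN only: the login form is protected, but admin "
            "session cookies still travel over plain HTTP"
        )
    else:
        findings.append(
            "neither FORCE_SSL_LOGIN nor FORCE_SSL_ADMIN is set: usernames "
            "and passwords are sent in cleartext"
        )

    # WordPress defaults DB_HOST to 'localhost' when it is not defined.
    host = defines.get("DB_HOST", "'localhost'").strip("'\"")
    if not db_host_is_local(host):
        findings.append(
            f"DB_HOST is {host!r}: MySQL traffic leaves the machine over TCP/IP"
        )
    return findings


if __name__ == "__main__":
    for name, cfg in (("sample", SAMPLE_WP_CONFIG), ("hardened", HARDENED_WP_CONFIG)):
        print(name, audit(cfg) or ["no findings"])
```

Run it against a real wp-config.php by reading the file into `audit()`. The check treats `FORCE_SSL_ADMIN` as sufficient on its own because it implies the login constraint; since WordPress 4.0 `FORCE_SSL_LOGIN` is deprecated in favour of `FORCE_SSL_ADMIN`, which is another reason to prefer the latter on current installs.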