WordPress 3.7: Is it really secure?

by Ajay Singh, Nov 3, 2013 3 Comments

First of all, hats off to team WordPress for adding the Background Updates feature in the 3.7 release. Named Count Basie, in honour of the legendary jazz musician, WordPress 3.7 comes with a promise to improve security. If this feature is turned on (it is on by default), WordPress will automatically update itself for minor releases, i.e. 3.7.x versions.

WordPress 3.7


I, personally, liked this feature, as I manage hundreds of self-hosted WordPress blogs and with every minor release I had to manually log in and update them one by one. Updating hundreds of self-hosted WordPress blogs is a real pain. With WP 3.7 this pain will be gone. Just sit back while WordPress updates itself in the background without your intervention.

The Stronger Password Meter feature is not interesting to me, as I’ve always been unconsciously conscious about choosing a strong password. It might prove to be a useful feature for those who have been in the habit of using weak passwords.

Now, coming back to WordPress vulnerability: is WordPress now more secure?

The answer is no.

Background Updates might reduce the chances of a WordPress blog being hacked, as security updates will be applied automatically before dark forces take control of your blog. Background Updates is a really cool feature, but it is far from making WordPress secure.

In all the time I’ve been using WordPress, I’ve never come across any of my self-hosted WordPress-based blogs that has been the victim of a WP security vulnerability.

In all instances of breach, it has always been a theme or a plugin to blame.

A WordPress blog is as secure as the theme and plugin it is using.

Unless team WordPress takes care of patching the plugin and theme holes, WordPress is never going to be fully secure.
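The background updater that ships with 3.7 can also be told to update plugins and themes through its `auto_update_plugin` and `auto_update_theme` filters, which installs the fixes their authors publish without a manual login. The must-use plugin below is an added example, not code from WordPress or from this post; the file name, function name and plugin slugs are hypothetical.

```php
<?php
/**
 * Added example: opt selected plugins and all themes into Background Updates.
 * Assumed location: wp-content/mu-plugins/background-updates.php
 * Core needs no setting here: minor (3.7.x) updates are already on by default.
 */

/**
 * Decide, per plugin, whether the background updater may update it.
 *
 * @param bool   $update Decision made so far (false for plugins by default).
 * @param object $item   Update offer for one plugin; carries its slug.
 * @return bool
 */
function example_allow_plugin_auto_update( $update, $item ) {
    // Constructed sample slugs: list only plugins you are willing to have
    // updated unattended on every site you manage.
    $allowed = array( 'example-contact-form', 'example-seo-tools' );

    if ( isset( $item->slug ) && in_array( $item->slug, $allowed, true ) ) {
        return true;
    }

    // Leave every other plugin at whatever was decided before this filter ran.
    return $update;
}
add_filter( 'auto_update_plugin', 'example_allow_plugin_auto_update', 10, 2 );

// Themes: accept every update offered. An update overwrites the theme's
// files, so keep customisations in a child theme rather than editing the
// theme directly.
add_filter( 'auto_update_theme', '__return_true' );
```

This only delivers patches that a plugin or theme author has released; a hole nobody has fixed stays open, so removing unused themes and plugins still matters.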

 

Comments

3 Responses to “ WordPress 3.7: Is it really secure? ”
  1. Cathy

    Point proven, Ajay. Recently my WordPress blog was hacked. Hackers gained entry via a theme’s vulnerability. I always keep my blog updated with the latest releases. The theme, obviously, was left with a security hole. I wish themes and plugins could be forced through a systematic vulnerability check before being launched on WordPress. I’m also in favour of blocking non-WordPress-endorsed themes and plugins.

  2. Jonathan

    Would it automatically update to major versions as well?

    • Ajay Singh

      At the moment, Background Updates will not update to a major version. I hope that they will add major version updates to Background Updates.
