The Content Management System (CMS) market is dominated by WordPress, which is used by more than 30% of websites. WordPress has a storied history of security problems dating back to 2008 and security stats that you’d think would make this software a non-starter in today’s increasingly security-conscious world.
Sucuri, a leading web security company, published in their recent Hacked Website Report that WordPress represents 83% of infected websites or blogs they were asked to repair. Sucuri goes on to report that nearly 40% of these infected sites running WordPress were using out-of-date software and plugins. With an estimated 30,000 websites being hacked every day and Google “blacklisting” 10,000 sites per day, you can readily understand your chances of having your site compromised if you use this software to manage your website:
>12% chance of being hacked this year
>4% chance of being “blacklisted” this year
We don’t deny that WordPress has been very successful and is highly functional. What we’re pointing out is that the risk of being hacked is just too great—a gamble that undermines any potential value it brings. Quite simply, we believe there are better choices for organizations that require a content management system with a higher level of security, without compromising ease-of-use, functionality or affordability.
One would think that statistics like these would have WordPress users and potential users running for alternatives. Surprisingly, the exodus has not yet started. In our conversations with Digital Agencies that are in the business of building websites, there’s a growing concern across North America that WordPress has significant problems—and yet customers, who are probably ill-equipped to fully understand or assess the security issues inherent with WordPress, continue to use it.
QuickSilk believes the content management system market is at a “tipping point”, that either the weight of yet another security violation or a significant event will put it “over the top.” We frankly do not understand why, when presented with the statistics above, anyone would choose to build an online store, website or blog with WordPress.
We ask ourselves, what’s it going to take for this WordPress community to “wake up and smell the coffee”? What’s it going to take for owners of WordPress blogs and sites to recognize that their brand, reputation as well as private customer and member data are at risk?
We are not so naive as to believe that this blog series will turn the tide but do feel that it will contribute to a discussion that needs to be had.
What is this Blog Series for?
This will be a weekly series of articles in which QuickSilk will lay bare the security issues in WordPress and do so in a way that is understandable for non-IT people. We’ll discuss:
The History of WordPress Security
Fundamental Reasons Why WordPress Is Not Secure
Applicable Industry Studies and Content
The Latest Examples of Security Issues and Breaches
The goal of this series is to impress upon the community that WordPress is not secure (i.e. “unsecure”) and that there are alternatives to be considered.
QuickSilk seeks to push against the inertia and complacency of a market that is either unaware or in denial of the risks it faces: that the WordPress open source project represents a significant risk in terms of data privacy and the organization’s reputation and brand.
We believe it’s a risk that you simply do not need to take.
Want to Contribute?
We will be making contributions ourselves to this blog series, as well as relying on a community of writers who share our concerns about the numerous security issues and risks WordPress sites introduce into an organization.
We will also be sponsoring industry influencers to make submissions and will be clearly identifying them as authors.
Finally, we would like to invite you to contribute. If you have an understanding or an example of a WordPress security issue, consistent with our theme, or have experienced a hack first hand, let us know and we will post it under your name or anonymously.
If interested, please contact us at firstname.lastname@example.org.
Are We Simply Promoting QuickSilk?
Our primary goal is to show how, why and to what extent WordPress is an unsecure environment and a poor choice for a CMS. If you get nothing more than this out of the series, we will be happy.
There are alternatives and yes, QuickSilk is one; however, the primary focus of this series is on WordPress open source software security problems. That said, we don’t want to talk about problems without offering a solution.
We believe QuickSilk is a strong contender and position ourselves as “Your Secure Alternative to WordPress.” That’s why banks, governments, institutes, associations and organizations around the world are choosing QuickSilk—as a more secure, affordable and easy-to-use alternative.
Let’s get back to you!
Starting Tuesday of next week, we are releasing WordPress Security Advisory - A History of WordPress Security.
Moving forward, you can expect a new post on Tuesday of every week. We will help you get a better understanding of WordPress and its potential impact on your organization.
Until then, try and stay out of the way of hackers!
And as always, if you have questions or some advice of your own, please let us know by replying in the comments section below! Or join our mailing list. We’d love to know what you think.