• Resolved mnorth

    (@mnorth)


    I’m really not sure if this is the right place to pose this issue, but I’m having a debate on another forum regarding the security of the fundamental code associated with WordPress.

    There’s an Australian site called Whirlpool dedicated to many subjects, but very much into IT-related subjects. Every time that someone raises a question about WordPress, a number of ‘experts’ pipe in and claim that WordPress is the most insecure publishing system in existence and make every effort to discourage its use.

    A recent such thread was raised and one pundit responds to my question:

    So you’re saying that you can hack any WordPress site in existence?

    Yes… Word for word that is exactly what I said.

    https://forums.whirlpool.net.au/forum-replies.cfm?t=2546167&p=-1&#bottom

    Is there an authoritative way in which such statements can be rebutted?

Viewing 7 replies - 1 through 7 (of 7 total)
  • Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    There aren’t any authorities of WordPress. Just like any other argument, the person making the point should provide evidence. If you want some reassurance, I recommend you read the ww.wp.xz.cn security page: https://ww.wp.xz.cn/about/security/

    If someone did know a security issue with WordPress (core) they should report it appropriately and not disclose it on a public forum: https://make.ww.wp.xz.cn/core/handbook/testing/reporting-security-vulnerabilities/

    Thread Starter mnorth

    (@mnorth)

    I actually believe that WordPress is as secure as anything on the internet. My view is that, predominantly, most security issues are user issues, just like with any OS.

    However, there are those that keep trying to scare users away from WordPress using their involvement in the IT industry as some form of authority. Some are actually competing with WordPress and attempting to dissuade people from using it.

    When someone says that they can hack any WordPress site, at any time, doesn’t that suggest that a rebuttal is in order? Or is that statement a matter of fact?

    Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    People can make their own mind up about the person making the claim, when there is no evidence to support it and the reading audience are ignorant of security. It’s as you say, scare tactics.

    When someone says they can hack WordPress at any time, they’re not saying much. If they say something specific then that can be investigated. Otherwise I would dismiss it.

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    When someone says that they can hack any WordPress site, at any time, doesn’t that suggest that a rebuttal is in order?

    Dog whistle. 😉 You don’t have to feed the trolls when they make noise.

    *Drinks coffee*

    It’s easy for “experts” to chime in on “security” but frankly, that’s nonsense and it’s a pointless effort to explain to those “experts” that they’re mistaken.

    In the past when I replied to those dog whistles I used this link.

    https://wpengine.com/blog/wordpress-core-is-secure-stop-telling-people-otherwise/

    And then I walked away. I haven’t really bothered for years now because those “experts” know more about “security” than any professional.

    And if you imagined my doing the air quotes thing then you would not be wrong. 😉

    Thread Starter mnorth

    (@mnorth)

    I’ve asked the ‘expert’ to ‘walk the walk’ so that I can pass it on to people here. The sad thing is that such ‘experts’ can have an influence on the less knowledgeable.

    I’m not an IT expert, so when I challenge these individuals, in an IT-centric forum, it’s not easy to gain traction. Anyway, I’ll await a response.

    Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    Please remember what I said above about disclosing security issues; we do not want to discuss details on a public forum.

    Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    Reminder
    People who strongly believe they have discovered a security issue should report that issue to the core team, as outlined here: https://make.ww.wp.xz.cn/core/handbook/testing/reporting-security-vulnerabilities/

    I’m going to close this thread now.

The topic ‘Ability to hack WordPress’ is closed to new replies.