Providing a base of about 30% of all websites on the Internet, WordPress is the most popular content management system (CMS) today, followed by Joomla and Drupal.
The popularity of WordPress is also one of the causes that attract the attention of cyber criminals.
– Download WordPress here.
– If you do not know how to install WordPress, please refer to the tutorial install WordPress here.
– Tracking way Create a WordPres blog here.
The WordPress vulnerability tripled in 2018.
According to a report by internet security firm Imperva, only in 2018, the number of WordPress related vulnerabilities increased to 542. This number tripled compared to WordPress vulnerabilities in 2017, with nearly 200 holes were recorded. There are fewer vulnerabilities and bugs on Joomla and Drupal, only about 150 errors.
However, the smaller number of security bugs is unlikely to be a safer platform, or rather, these numbers show that attackers are focusing primarily on common platforms.
Not to mention attacks on less popular platforms than WordPress often have more serious consequences, as evidenced by the drupalgeddon vulnerabilities that were massively exploited last year.
The easy exploitation of Drupalgeddon vulnerabilities leads to a series of unpatched website attacks. In the Imperva report, the company said “detected and blocked more than half a million attacks related to these vulnerabilities in 2018”.
Plugins are weak links.
Almost all vulnerabilities, 98% of the total are related to WordPress plugins, equivalent to more than 50,000 CMS official websites. This means that the attacks related to WordPress code only account for 2%.
The company said: “Anyone can create and publish a plugin – WordPress is a fuzzy source code platform, easy to manage, and no processes are required to adhere to minimum security standards (such as (code analysis), so WordPress plugins are vulnerable to many vulnerabilities. “
Web application vulnerabilities are on the rise.
Also according to Imperva’s report, security holes in web applications are on the rise. According to company data, the vulnerability is made publicly available for more than half (54%) of the attacks, and 38% of those have no solution to minimize the impact of the attack. attacks, such as patches or software upgrades.
The types of distributed bugs for web applications accounted for the most in 2018, with about 3,300 bugs. Including 1,980 errors allow remote code execution (RCE) and 1,354 trigger SQL attacks.
In addition, the number of Cross-Site Scripting (XSS) vulnerabilities in the year also doubled, accounting for 14% of all security flaws reported on web applications last year.
In order to improve our security and protect our users’ conversations from the bad guys, WhatsApp for Android test fingerprint authentication on my famous chat app. You can learn more about this feature in development stage on Taimienphi.vn.