Website Designers - Avoid WordPress
by Brian Rideout • February 10, 2017
WordPress while being very popular website platform has a long history of security vulnerabilities. The REST API vulnerability which is actively being exploited in early February is just the latest. It stems from release 4.7.0 of the WordPress platform which included and enabled by default the WordPress REST API. This acted as an additional attack surface for websites on the WordPress platform. While quickly discovered and a security update released, anyone that hasn't updated to version 4.7.2 is at risk and may have already been compromised.
As I'm writing this on 2/10/2017 1.5 million web pages have been defaced, deleted, or edited. 20 different groups of hackers are having a heyday to see who can hack the most sites. This vulnerability allows site visitors (and hackers) to edit any post or page on the site. These hacks went from zero to 1.5 million in just one week.
As Web designers and developers our clients depend on us to make good choices for them. It's obvious looking at the track record of security releases on WordPress that WordPress is not a safe choice. There are multiple security releases in some cases just days apart. While having an open source product fosters a community of developers, it often makes for easy pickings for hackers. They only have to look at the latest security releases to see what is being patched to reverse engineer an exploit.
In contrast the CMS (Content Management System) we use is proprietary and not released to the public to be reverse engineered. We offer a core set of functions to our client's and frankly both we and our client's think its a much easier CMS to use than WordPress. We've had numerous former WordPress users that exclaim "Gee this is much easier!" upon training on how to edit and manage their site.
If you are ready for a better and safer CMS solution than WordPress for your website platform, give us a call today at 602.427-5626 and extension 1 for sales or fill out our RFQ form here.