A DerbyCon keynote covered the WordPress team's recent efforts to improve security. When it comes to keeping sites secure, the WordPress security team's biggest battle is not just against hackers but also with its own users: millions of them continue to run sites on older versions of the WordPress CMS and still fail to apply updates to the CMS core, plugins, and themes.
This is exactly the challenge WordPress faces in securing sites that use the WordPress platform.
Speaking at the DerbyCon cyber-security conference earlier this month, WordPress Security Team lead Aaron Campbell gave the public an insight into how the WordPress team has been addressing security risks and issues over the past few years.
He said in the presentation that a few years back the WordPress team decided to keep the software secure by patching bugs, in an effort to keep users secure in its environment.
According to the team, the primary issue was the older versions of the CMS that users still rely on to power their sites. Those older versions were technically secure, but they are still more exposed to online threats than sites running more recent versions of WordPress.
In response to these security issues, auto-updates are turned on by default for all new installations, although a very small percentage of websites still run older versions such as 3.x and 2.x.
To tackle this security concern, WordPress is taking several steps. The team is working with Google to display training materials inside the Google Search Console dashboard to help users migrate their sites away from older versions to newer ones, and it has also created an alert that appears inside the WordPress dashboard itself for those using an older version of PHP for their sites.
According to W3Techs, WordPress is the largest website content management system (CMS), with a market share of nearly 60 percent, and is currently installed on over 32 percent of all Internet sites available today.