Happy 18th Birthday to WordPress! Our Gift: A Retrospective on WP Vulnerabilities



WordPress turns 18 this week, and it’s never been more secure. It’s taken a long time to get here, and we’ve seen a lot of vulnerabilities along the way. Today we’re going to do a countdown of some of the most memorable vulnerabilities and the lessons to be learned from them.

#wordfence #wordpress #vulnerabilities
———————————————————
Wordfence is offering free site security audits and site cleanings for K-12 schools worldwide.

Announcing Free Site Cleaning & Site Security Audits for K-12 Public Schools


———————————————————
Have you tried Wordfence Central yet?

Try Central


———————————————————
Check out Wordfence Central Teams! You can use Wordfence Central with your Premium AND Wordfence free sites, all for free.

Introducing Wordfence Central Teams


———————————————————
Check out Fast or Slow, the only free website speed profiler that tests your site from 18 locations worldwide.

Start Profiling


———————————————————
Sign up for the Wordfence WordPress Security mailing list. Be the first to know when there is a vulnerability in a plugin or theme you might be using.

Join the WordPress Security Mailing List


———————————————————
The Wordfence Learning Center has all you need to brush up on WordPress security and more:
https://www.wordfence.com/learn/
———————————————————
Wordfence is the most popular choice of WordPress professionals for WordPress security. We have a number of security tutorials on our YouTube channel, including Wordfence tutorials. Wordfence security plugin is the number one choice in WordPress security plugins.
———————————————————
Follow us on Twitter:





———————————————————
Listen to the Think Like a Hacker Podcast

Podcast


———————————————————
0:00 Introduction
3:02 SWAG Question: When and where was the first WordCamp?
3:39 When was WordPress first developed? A Brief History
8:02 First Known Vulnerability Discovered in WordPress
9:31 Mystery of the Critical Open Registration Vulnerability (2006)
11:10 Things got Worse Before they Got Better (2007)
14:38 Plugins Emerge as Main Vector – Tim Thumb (2011-2014) & Revslider (2014)
17:23 Themes Become Common Targets – Newspaper Theme (2016)
19:09 Core Still Needs Review – WP 4.7 Defacement Campaign (2017)
20:58 The Call is Coming from Inside the House – Maison Soiza (2017), Pipdig (2019), VCD (2016-Present)
26:00 File Manager (2020)
30:45 Will WordPress Security Continue to Improve?
33:51 Wordfence has your back – Site Cleanings and Audits
37:32 Will WordPress Security Continue to Improve? – Continued
41:57 Swag Winners – Answer: August 2006 San Francisco, CA.
43:11 What are the Biggest Threats to WordPress in 2021?
45:30 Sign Up for the Mailing List! https://www.wordfence.com/subscribe-to-the-wordfence-email-list/
45:50 K-12 FREE Site Cleaning and Audits – https://www.wordfence.com/blog/2021/01/announcing-free-site-cleaning-site-security-audits-for-k-12-public-schools/
46:30 Wordfence Central – https://www.wordfence.com/try-central/
47:08 We are Hiring! https://www.defiant.com/employment
50:00 “Think Like a Hacker” Podcast – https://www.wordfence.com/podcast/

source