linear - 4:08 pm on Aug 9, 2006 (gmt 0)
WordPress is a leading blog tool, but also has a lot of features that make it interesting to webmasters with communities. It can be considered a general-purpose content management tool as well. This tool has a lot to offer for the serious webmaster--its collection of features can really accelerate the process of putting up a well-done site.

As with any featureful tool, the power and flexibility carry a price in terms of complexity. The security-minded would say that WordPress has a "large attack surface." Let's run down the ways that WP can bite you, and discuss how to avoid some of the gotchas. My partial list of considerations follows, to kick off the discussion:

issue: general security vulnerabilities. WordPress is so widely used that it gets studied extensively and occasionally effective attacks circulate.

issue: Comment spam. Anonymous or semi-anonymous users can add content to your pages if you allow comments.

issue: Trackback and pingback spam. Anonymous or semi-anonymous users can add content to your pages if you allow trackbacks. Trackbacks can be thought of as comments that are automated by design. They are submitted by a special URL that is submitted to your server. Normally this is from another blog tool, and occurs when another blogger refers to one of your entries. But it can (and likely will) be subverted for spam purposes also.

issue: XML-RPC vulnerabilities. WP supports XML-RPC [xmlrpc.com] out-of-the-box. It implements three APIs for posting. This allows submission of posts from alternative blogging clients. Since this interface is made for automation, it may not even be apparent to a WP site owner. Historically, there have occasionally been vulnerabilities in this implementation (WP 1.5.1.3 was released to address a vulnerability).

issue: self-registration of user accounts. WP supports the ability for users to create their own accounts on your system for purposes of posting entries. You probably don't want that.

That should get the discussion started, I welcome your additional suggestions on running WordPress securely.
mitigation: Stay current. Running an older WP can be dangerous. Most templates clearly call out the version you are running, so you're not only a target, but easy to find as well. Removing any version tells from your templates is a good idea as well. Subscribe to the release notification mailing list at:
[wordpress.org...]
mitigation: WP has several built-in features around comment spam, and more functionality is available via plugins. Plugins offer additional functionality that complements or extends the basic spam protections in WP. You should seriously consider running the latest WP version, because the spam mitigation facilities are undergoing constant improvement. The built-in features are well-explained in the WP Codex here:
[codex.wordpress.org...]
And plugins are listed here:
[codex.wordpress.org...]
If you are using WP as a generic CMS, consider disabling comments entirely. There is a configuration setting in WP to do this, but it will not retroactively affect existing posts. You must individually disable comments for these posts. Removing the comment form alone does not stop comment submissions, which are frequently accomplished through scripting.
for the truly paranoid: Alternatively, you can remove or rename the
mitigation: Disable trackbacks and pingbacks. Under Options > Discussion, uncheck
for the truly paranoid: Alternatively, you can remove or rename the wp-trackback.php file from your installation. This assumes you don't need the trackback features at all.
mitigation: This should really not be enabled by default. If you only submit posts through the web UI, you should remove or rename
for the truly paranoid: write a trap around this file. (details left as an exercise for the paranoid reader)
mitigation: Under Options > General > Membership, uncheck
for the truly paranoid: remove or rename wp-register.php once your necessary accounts are set up.
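The "remove or rename" steps above, collected into one audit script. This is an added example, not code from the original post or from the WordPress project: it checks an install directory for the three entry-point files the post names (xmlrpc.php, wp-trackback.php, wp-register.php) and for a theme header that prints the running version, then optionally moves those files out of the web root. The directory tree it builds at the bottom is constructed for demonstration and is not a real install.

```shell
#!/bin/sh
# Added example (not from the original post): audit a WordPress install
# directory for the exposure points the post lists, and optionally move the
# unused entry points out of the web root. File names are taken from the
# post; the sample tree at the bottom is constructed, not a real install.

# Entry points the post suggests removing or renaming when their feature is
# unused: xmlrpc.php (XML-RPC posting), wp-trackback.php (trackbacks and
# pingbacks), wp-register.php (self-registration of accounts).
WP_ENTRYPOINTS="xmlrpc.php wp-trackback.php wp-register.php"

# audit_wp_dir DIR: print one "FOUND: ..." line per issue; always exits 0.
audit_wp_dir() {
    dir=$1
    for f in $WP_ENTRYPOINTS; do
        if [ -f "$dir/$f" ]; then
            echo "FOUND: $f present (remove or rename if the feature is unused)"
        fi
    done
    # Version tell: classic themes print the running version in header.php
    # through bloginfo('version') inside a <meta name="generator"> tag.
    if [ -d "$dir/wp-content/themes" ] && \
       grep -rlF "bloginfo('version')" "$dir/wp-content/themes" >/dev/null 2>&1; then
        echo "FOUND: a theme prints the WordPress version (drop the generator tag)"
    fi
    return 0
}

# count_findings DIR: number of findings, convenient for cron or monitoring.
count_findings() {
    audit_wp_dir "$1" | wc -l | tr -d ' '
}

# harden_wp_dir DIR BACKUP: move each present entry point out of the web root
# into BACKUP. Moving (rather than renaming in place) keeps a copy for
# rollback and avoids leaving a non-.php copy the web server might serve as
# plain text.
harden_wp_dir() {
    dir=$1
    backup=$2
    mkdir -p "$backup"
    for f in $WP_ENTRYPOINTS; do
        if [ -f "$dir/$f" ]; then
            mv "$dir/$f" "$backup/$f"
            echo "moved $f to $backup"
        fi
    done
}

# Demonstration on a constructed tree (two entry points plus a version tell).
demo=$(mktemp -d)
mkdir -p "$demo/wp-content/themes/default"
: > "$demo/xmlrpc.php"
: > "$demo/wp-trackback.php"
printf '%s\n' "<meta name=\"generator\" content=\"WordPress <?php bloginfo('version'); ?>\" />" \
    > "$demo/wp-content/themes/default/header.php"
audit_wp_dir "$demo"
harden_wp_dir "$demo" "$demo-disabled"
echo "remaining findings: $(count_findings "$demo")"
rm -rf "$demo" "$demo-disabled"
```

Run it as `. ./wp-audit.sh` to load the functions, then `audit_wp_dir /var/www/blog` (path assumed) against a real install; the version-tell check is a string match on theme files only, so the rendered HTML still deserves a manual look, and the backup directory given to `harden_wp_dir` must sit outside the document root.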