incrediBILL - 6:39 am on Apr 15, 2013 (gmt 0)
Comparing WordPress to Windows is a bit silly, as MS spends many millions on security and, since Windows Vista/7/8, has made huge strides to clean up their act and for the first time ever wasn't on the top 10 vulnerability lists while Apple finally made those lists. They may get a lot of flak, but Windows isn't the problem most of the time; it's all the other stuff people run on Windows causing the problems, such as Java, etc. Likewise, Linux servers when configured properly are pretty dang secure until you install something like WordPress on the server. For the most part it's almost always the third-party software that allows hackers to gain access to the OS, not the OS itself, yet the OS takes the heat for their 'vulnerability', which is nonsense.
WordPress, to the best of my knowledge, has never spent that kind of cash and resources to secure their software or we probably wouldn't be having this conversation. People shouldn't have to waste time trying to harden WordPress as it should ship as hardened as possible but that isn't the case. The areas of vulnerability aren't that great in the out-of-the-box product and a team of engineers could harden the heck out of the default product and stop the madness yet it never happens.
Not that I'm a security expert, nor do I play one on TV, but I do know what's blatantly bad coding practice and what's good coding practice, and you can't afford to ever cut corners and be sloppy, as someone out there will be waiting for that golden opportunity to prove not only are they smarter than you, but they have all your customers' credit card numbers and have already sold them to the Russians! :)