WordPress Security Vulnerabilities
The cluster debates the security of WordPress, focusing on whether vulnerabilities primarily arise from the core software or third-party plugins, and shares experiences with hacks, updates, and mitigation strategies.
Sample Comments
Wait, isn't WordPress insecure?
They can't secure Wordpress for you. You still have to do that yourself. Wordpress plugins are chock-full of holes, probably the biggest attack surface this side of Windows XP.
Can't be worse than unpatched wordpress plugins.
Seeing as WordPress requires security updates with genuinely astounding regularity, I'm hesitant to blame the user. WordPress' excessive vulnerability count clearly demonstrates an endemic issue in the software itself. See also: http://www.securityfocus.com/cgi-bin/index.cgi?o=0&l=30&...
Wordpress is quite secure on its own, just stay away from plugins
Wordpress itself isn't all that insecure, but most of the plugins are.
What serious exploits have popped up in WordPress lately?
Wordpress itself is reasonably secure nowadays. It is the plugins which are a mess.
My complaint about Wordpress is always about how frequently it gets attacked. I have had multiple wordpress websites hacked even after keeping them regularly updated and even after having special "security" plugins such as Wordfence installed, the application firewall installed etc. It puts too much of a burden on the site owner from a security perspective. Quite frankly, Wordpress leaks like a sieve. I wish this wasn't true because it is really one of the best/most acces
This comment is a lame hit job. WordPress is the most widely used publishing platform in the world and highly extensible, so there are always going to be third party plugins and themes which get compromised. If security is a concern you can simply avoid third party plugins and themes, or limit your use of them to reputable vendors who have good track records. The code of WordPress itself is pretty robust and the Core team has a great history of fixing vulnerabilities quickly.