Netanel Rubin, a vulnerability researcher for Check Point Software who is credited with properly disclosing a security vulnerability to WordPress, published the first in a trilogy of posts that explains how he discovered it.
The vulnerability was discovered during a full audit of WordPress’ code base, and in the post Rubin praised the efforts of the WordPress development team:
In contrast to these frequent findings in 3rd party plug-ins’ code, barebones WordPress issues are rare, as WordPress core developers are well-trained to hold high security awareness for all released code.
We can confirm that during our audit of the source code, we witnessed the developers ‘leaving nothing to chance’, and implementing multiple layers of security protecting most attack vectors we could think of.
WordPress developers deserve praise for their efforts to maintain such complex software in this level of security, specifically considering the presence of the notoriously trigger-happy foot-gun called PHP.
Although WordPress has seen its fair share of security-related releases this year, it’s reassuring to hear a third party whose job it is to penetrate software security praise WordPress’ codebase.