The WordPress Core Team Receives Praise for Their Efforts to Maintain Security

Netanel Rubin, a vulnerability researcher for Check Point Software and credited for properly disclosing a security vulnerability to WordPress, published the first in a trilogy of posts that explains how he discovered it.

The vulnerability was discovered during a full audit of WordPress’ code base in which Rubin praised the efforts of the WordPress development team.

In contrast to these frequent findings in 3rd party plug-ins’ code, barebones WordPress issues are rare, as WordPress core developers are well-trained to hold high security awareness for all released code.

We can confirm that during our audit of the source code, we witnessed the developers ‘leaving nothing to chance’, and implementing multiple layers of security protecting most attack vectors we could think of.

WordPress developers deserve praise for their efforts to maintain such complex software in this level of security, specifically considering the presence of the notoriously trigger-happy foot-gun called PHP.

I recommend reading the post as it’s a brief look into the mind of a white hat security researcher.

Although WordPress has seen its fair share of security related releases this year, it’s reassuring to hear a third-party whose job it is to penetrate software security praise WordPress’ codebase.

Would you like to write for WP Tavern? We are always accepting guest posts from the community and are looking for new contributors. Get in touch with us and let's discuss your ideas.

3 Comments


  1. The feeling is mutual – Check Point have been a great team to work with, and their talent at finding extremely obscure bugs shows in this report.

    Because it’s worth repeating, we always appreciate security reports at security@wordpress.org – even if you’re not sure, we’re happy to check it out.

    Report


  2. Apart from their words, Check Point also demonstrate their esteem for WordPress by hosting their own blog with it.

    Report


  3. Overall, I think WP security has performed extremely well in addressing discovered vulnerabilities in a timely manner. I can speak to the often difficult balancing act of the process involved. Moreover, it can be a thankless job as I am sure @nacin and others will attest to.

    But it’s the responsible reporting of discovered vulnerabilities by pro’s and novices alike that help keep the code safely updated for use. Everyone who works the process responsibly should stop for a second and give a virtual high five and group hug, and recognize how much you matter to the success of so many.

    Report

Comments are closed.