How Come WordPress Isn’t More Secure?

A question we get a lot is: Why isn’t WordPress more secure?

Excellent question. We used to wonder this ourselves, when we got started!

A few reasons:

First, historical legacy. WordPress was built the way it was built, using great technology of the time. PHP was the coolest thing ever! Perhaps today it is easier to build a safer system from scratch, but it wasn’t when WordPress was first developed. Technologies change, but software remains in the language in which it was written.

Secondly, there is a trade-off between “flexibility / ease of development” and “security.” Said differently: what makes WordPress so amazing is that it is sooooo easy to work with: you can quickly, trivially, change the source, change a design, add a widget — do almost anything. We love it because it lets us make any changes we want without much effort. But with great power comes great responsibility: the ease of development has its cost, and that cost is in security (and performance — but that’s a topic for another day). To implement so many ideal security measures would slow down the core dev… and no one wants that. Well, “no one” except for us!

Third, shockingly, many of the security measures are controversial. Incredible to believe, I know! Take, for example, banning IP addresses that hit too many 404s. Let me explain. A common tactic to break into a site is to just try lots and lots of URLs that correspond to plugins with known vulnerabilities, to see if the site happens to have them or not. If it does — hack! If it doesn’t — a “file not found” (404) error. But there’s a downside to banning on 404s: logging every 404 could bloat the database to be huge — thus slowing down the site. Plus, during stages like developing the site, the developers often go to URLs that may not exist — thus accidentally locking themselves out. (No, that’s never happened to me, no, never, and especially not two days ago, which served as the inspiration for this blog post — no, of course not, this is merely hypothetical.) As a result, the core WordPress development team has made a trade-off on purpose: let’s leave WordPress with the minimum configuration possible, and then let each site administrator decide for himself which trade-offs he/she’s willing to make. As a man who loves flexibility, I support this philosophy.
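The 404-rate tripwire the paragraph describes, as an added example that is not the author’s code and not part of WordPress: a sliding-window counter over constructed access-log lines that keeps only each IP’s recent 404 timestamps (so nothing accumulates in the database) and skips an allowlist of developer addresses (so a developer browsing to URLs that don’t exist yet isn’t locked out). The sample log lines, the IP addresses, and the threshold of 3 hits in 60 seconds are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample access-log lines (Common Log Format); the addresses are
# documentation ranges and the plugin names are made up for this example.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:09:00:01 +0000] "GET /wp-content/plugins/alpha/readme.txt HTTP/1.1" 404 0',
    '203.0.113.7 - - [10/Oct/2023:09:00:02 +0000] "GET /wp-content/plugins/beta/readme.txt HTTP/1.1" 404 0',
    '203.0.113.7 - - [10/Oct/2023:09:00:03 +0000] "GET /wp-content/plugins/gamma/readme.txt HTTP/1.1" 404 0',
    '198.51.100.5 - - [10/Oct/2023:09:00:04 +0000] "GET /wp-content/plugins/alpha/readme.txt HTTP/1.1" 404 0',
    '198.51.100.5 - - [10/Oct/2023:09:00:05 +0000] "GET /wp-content/plugins/beta/readme.txt HTTP/1.1" 404 0',
    '198.51.100.5 - - [10/Oct/2023:09:00:06 +0000] "GET /wp-content/plugins/gamma/readme.txt HTTP/1.1" 404 0',
    '192.0.2.9 - - [10/Oct/2023:09:00:07 +0000] "GET /about/ HTTP/1.1" 404 0',
    '192.0.2.9 - - [10/Oct/2023:09:05:08 +0000] "GET /contact/ HTTP/1.1" 404 0',
    '192.0.2.9 - - [10/Oct/2023:09:10:09 +0000] "GET /blog/ HTTP/1.1" 404 0',
]

# client IP, bracketed timestamp, quoted request line, three-digit status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')


def scan_log(lines, threshold=3, window=60, allowlist=frozenset()):
    """Return the set of client IPs that produced at least `threshold` 404s
    inside any `window`-second span. Per-IP state is a deque of timestamps
    trimmed to the window, so memory is bounded by the burst size rather
    than growing with every 404 ever seen (the "database bloat" problem).
    IPs in `allowlist` (e.g. developer workstations) are never counted."""
    recent = defaultdict(deque)
    flagged = set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash the scanner
        ip, ts, status = m.group(1), m.group(2), m.group(3)
        if status != "404" or ip in allowlist:
            continue
        t = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").timestamp()
        q = recent[ip]
        q.append(t)
        while q and t - q[0] > window:  # drop hits that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(ip)
    return flagged
```

Behind a reverse proxy or CDN the first field would be the proxy’s address, so a real deployment must log the true client IP before this kind of counting means anything.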

These are the three core reasons. Perhaps there are more, but it’s too early in the morning for me to think of them now!

Any questions? Bueller, Bueller? Just ask!