Neil Batchelor

Interesting read.... Two percent of WordPress plugins are responsible for 99% of the vulnerabilities.

"The 2022 WordPress Vulnerability Annual Report"
https://ithemes.com/blog/the-2022-wordpress-vulnerability-annual-report/

#WordPress #Security #Vulnerability #WP #Plugin #Plugins

The 2022 WordPress Vulnerability Annual Report

The WordPress Vulnerability Report answers the question, "How secure is WordPress?" The threats increase daily, and 2022 was no exception.

iThemes
Feb 10, 2023 at 11:33amWeb
Show threadIpstenu (Mika E.) 🏳️‍🌈Feb 10, 2023
@nbwpuk Sounds about right, honestly.
Show threadNeil BatchelorFeb 10, 2023
@ipstenu yeah, true. Unfortunately it's that 2% that give the whole ecosystem a bad rap.
Show threadIpstenu (Mika E.) 🏳️‍🌈Feb 10, 2023

@nbwpuk It's complicated.

The 2% aren't necessarily all that bad in the first place -- as the article notes, you gotta upgrade!

But the real heart is ... reasonable reporting.

Instead of finding a bug, privately disclosing, and letting people fix ... they just attack. And worse is when 'reputable security firms' turn around an report "THIS IS A HACK!" before also talking to the plugin person about it.

iThemes is a good one, in my experience.