WordPress Continues to Impress with Commitment to Security
This is the kind of headline that, if posted on social media, would immediately attract negative reactions from people who didn’t read the article and haven’t used WordPress.
“WordPress?! You mean that free site for bloggers?” (No.)
“WordPress?! More like WorstPress!!” (Good one.)
Anyway, fortunately for us and our WordPress clients, the folks on the WordPress core team put a lot of effort into security. Yesterday, they announced that WordPress is now on the HackerOne platform. If you’re not familiar, HackerOne helps developers “securely and responsibly report vulnerabilities” about software applications. It was created by the security specialists at Facebook, Google, and Microsoft (heard of them?).
HackerOne’s capabilities are important than they might seem at first glance. If I find a security hole in a popular web application, I need to be able to report it in a way that ensures it doesn’t leak out to those people who might want to exploit it, and that it reaches the people who can actually fix it. The WordPress security team has had this in the works for over a year, and it’s exciting that it has finally come to fruition. WordPress also announced that they’re offering bounties for people who report issues like this, and that so far, they’re averaging over $500/person.
When I was reading this blog, I noticed one other thing that shows the WordPress core team’s dedication to security. In the list of ten most popular blog categories on WordPress.org, Security was the third most popular category. It’s behind only Releases and Development.
If you’re curious about whether or not WordPress is a fit for your company, drop us a line. We’d love to talk about how a new website can help you achieve business goals.