by XparXnoiAx 3449 days ago
Yeah, I wish I could recommend WordPress to people because it's really nice at what it does, but the security flaws are too serious. The fact that it takes months for them to fix serious vulns reported to them only makes it worse.

Seriously, there are YouTube tutorials about 'How to Hack WordPress.' It can't get much worse than that:

https://www.youtube.com/results?q=wordpress+hack

1 comments

How about putting a tool like Incapsula on top (free option offers 2 factor authentication) which makes hacking just a bit harder.

2 factor authentication is great, but it won't stop an attacker from using an XSS attack to get the authentication cookie.

In general, security isn't something that can be tacked on as an afterthought; it has to be built in from the beginning.