
Are you a fan of the WordPress blogging platform? Watch out!
The anti-virus company Trend Micro considers WordPress the riskiest web software used in 2010.
"Tens of thousands of un-patched WordPress blogs were used by cyber criminals for various schemes, primarily as part of redirection chains that led to various malware attacks or other blackhat search engine optimization (SEO)-related schemes," explains Trend Micro.
The problem here is the plugins. You have to trust the developer that nothing malicious has been programmed into the plugin. And let's face it, most of those plugins are developed by individual developers or very small teams with a limited budget for testing.
When you install a WordPress plugin you are installing an application, and that is a potential source of vulnerability.
In addition to the plugins, the WordPress code itself requires intensive maintenance.

Last week, for example, WordPress itself issued an important warning. It recommended that users immediately upgrade their accounts after a critical security bug was found: a scripting flaw that an attacker could use to bypass security controls and gain unauthorized access to a user's blog.
These kinds of mandatory security updates are a problem, especially when they occur during the holiday season.
In other words, if you are running a non-professional blog, you might be able to afford facing security threats. You will survive by keeping a viable backup of your site and upgrading to a valid site. After all, your blog is not critical for your business. But if you are a well-established brand or you take your blogging activity seriously, WordPress (like Joomla or Drupal) is definitely not for you. At all.