![]() Specific Common WordPress Security-through-Obscurity Advice But none of them is near as valuable as making sure that you lock the metaphorical door. All of these are supposed to make you more secure. Common advice is that you should hide “Proudly Powered by WordPress”, the meta generator HTML headers, and a few other things. Let’s say that you want to make it more difficult to find out that you’re running WordPress. But in any state of obscurity, you increase security of the valuables more by making sure the car is locked than you do by obscuring them. Without them visible, they’re no harder to get, but they’re harder to assess as valuable. ![]() With them visible, an attacker knows what they’re going to get. Leaving your valuables locked in a car’s trunk is better than having them visible. This is the heart of security through obscurity’s benefits and downsides. All that’s been done is that its slightly harder for someone to find them. This resembles adding security to them, but isn’t quite the same thing. The thing is, your tax documents or sexy pictures aren’t actually secured by putting them in the folder School/2017/Physics/Experiments. Specifically here, we mean security through obscurity when you rely on people not understanding how your site is built and where they can expect to find its files to protect you.Īnother common security by obscurity technique is to “secure” certain files they don’t want seen by labeling them as “School Work” or something similarly innocuous-sounding. By obscuring your valuables with a trunk or blanket, you make it less obvious to a potential attacker what benefit they may get from breaking into your car.īut with technology, security through obscurity is often a bit different. An example: security through obscurity is the reason that you don’t leave you valuables visible in your car in a well-populated area. Security through obscurity is a general practice through many parts of the world. Security through obscurity is the reason that you don’t leave you valuables visible in your car in a well-populated area. But that doesn’t mean you shouldn’t take some further steps to make your site safer. WordPress running plugins and themes is still secure. And even those can largely be protected against if you simply keep your plugins and themes up-to-date. This is natural and understandable, but those vulnerabilities are sometimes big and important to watch for. And while eyes on security in the core tool have made it rather hardened, the broader ecosystem still contains lots of themes and plugins that make security blunders from time to time. That said, the ecosystem that surrounds WordPress is vast. So if you let WordPress auto-update as it should, you never really have to worry about WordPress itself being insecure. They’re not things that are easily exploited on a random sites by a malicious attacker. ![]() Most of the security issues that are found and fixed in it today are pretty obscure and esoteric. ![]() The core of WordPress is as secure as any similar tool with its history and vintage could be. They’re old websites maintained poorly and with software installed by people not realizing the seriousness of what they’re doing. ![]() But most of the things that have historically made “WordPress” insecure aren’t WordPress, the core software. And there’s some reasons from history that this diffuse thought should be honored as holding some truth. It is very common for people who know very little about WordPress to say that it’s insecure. It stands for “ fear, uncertainty, and doubt.” When you say that someone is spreading “FUD”, you generally mean that they’re using uncertainty or doubt about the usefulness of a given technology or idea to spread fear of it. WordPress running plugins and themes is still secure.įUD is a common acronym inside of the tech community. Let’s dive in! WordPress Is Secure, Anything Else is FUDīasic WordPress is secure. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |