A lot of folks like myself use WordPress as their Content Management System (CMS). I have helped develop over a 100 websites, to date, including the National Property Preservation Guild’s (NPPG) Main Website, their Forum (a Simple Machines Forum) and their Wiki (a MediaWiki Platform like Wikipedia).
Below are the Specifications being Implemented in the WordPress 3.6.1 Update. I listed them for the Geeks. 😉
WordPress is probably the easiest software for website development on Earth! As with any software, though, WordPress requires Updates. The Updates keep your website safe and secure … for the most part. All WordPress — and most Plugins — are One Click Updates. So, the two MOST IMPORTANT THINGS FOR RUNNING YOUR WEBSITE ARE:
CHANGE YOUR LOGIN NAME FROM ADMIN TO SOMETHING NEW ALONG WITH A PASSWORD WHICH HAS LETTERS, NUMBERS AND CHARACTERS; AND INSTALL UPDATES IMMEDIATELY!!!!!!!!!!!
- Remote Code Execution: Block unsafe PHP de-serialization that could occur in limited situations and setups, which can lead to remote code execution. Reported by Tom Van Goethem.
- Link Injection / Open Redirect: Fix insufficient input validation that could result in redirecting or leading a user to another website. Reported by Dave Cummo, a Northrup Grumman subcontractor for the U.S. Centers for Disease Control and Prevention.
- Privilege Escalation: Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user. Reported by Anakorn Kyavatanakij.