A small suggestion: WP needs a Security Forum. I’m shocked there isn’t one…
*Drinks more coffee*
Why? A stock WordPress installation is secure on the software side. Except for further encouraging the market for “security” plugins what would be the point?*
Hacked installations are almost always because someone’s
- running on an insecure host
- running old code or (my favorite)
- runs other insecure applications on the same server.
Those aren’t really WordPress problems exactly but anyone’s welcome to seek help here. ??
If someone’s installation is hacked then the normal How-To and Troubleshooting is the place to be. Creating a Security sub-forum would only further propagate the myth that WordPress is insecure.
*Looks for link, finds it*
This pretty much sums it up for me.
https://wpengine.com/2013/05/08/wordpress-core-is-secure-stop-telling-people-otherwise/
*Note: The plugin authors who work on “security” plugins (yes I do the air quotes thing when I type that) are providing a service to users for free and that is admirable. It’s always good when people contribute to the community like that.
But those plugins also continue that myth and I’m pretty sure all of those authors will tell their users: no “security” plugin is a substitution for the installation owner behaving responsibly and taking ownership of their installation.
