Trend Micro which is an anti-virus company announced their most dangerous list for 2010. Just about everything mentioned in the list has a strong correlation with market share and size which tends to make them more dangerous. This is especially apparent when Trend Micro lists Google as the most dangerous website thanks to its popularity for blackhat-SEO schemes which lead to malware infected sites. However, as for Website Software, Trend Micro labeled WordPress as the riskiest web software used in 2010:
The riskiest software used by websites in 2010 was the popular blogging platform WordPress. Tens of thousands of un-patched WordPress blogs were used by cybercriminals for various schemes, primarily as part of redirection chains that led to various malware attacks or other blackhat search engine optimization (SEO)-related schemes.
I beg to differ. While WordPress certainly made the headlines this year as webhost after webhost became the target of attacks, in most instances, it was discovered that the webhost was to blame as was the case with Network Solutions earlier in 2010. Since WordPress hosted sites appeared to be the ones most targeted, the webhost would immediately place the blame on WordPress itself, a theme or a plugin causing news to spread that WordPress indeed had a security vulnerability which was not the case. All security vulnerabilities discovered in the WordPress software during 2010 were quickly patched and released to the community. Which is why the following is no big shock to anyone with common sense:
Tens of thousands of unpatched WordPress blogs
Un-patched anything is going to be attacked. If Trend Micro wanted to give their statement validity, they would have explained that WordPress is the most popular publishing platform in use across the web and because of that large market share, it is a big target for malicious users. It’s the same reason Microsoft Windows is constantly under attack. However, by keeping your WordPress software up to date along with any themes or plug-ins in use, using a good web-host (note that I’ll be discussing this in more detail in a follow up post/guide) and routinely backing up your entire website, you should have no problems sleeping at night.