WordPress: A Resilient Platform in the Age of Hacking


Hocus pocus…Time to focus!

With the dynamic development and diffusion of information and telecommunication technologies (ICT) since the early 1970s, access to relevant as well as irrelevant information has become a ubiquitous feature of our time. However, the availability of more and more information does not necessarily mean that we are able to make clear-cut, good decisions, simply because all that information and data must be reviewed, analysed and interpreted. We learn by doing, but with the classical type of products and services that are developed or offered by a relatively closed community (owners, employees of the company, supply chains) or protected by intellectual property rights, our learning curve has become even longer; that is to say, the efficiency of our learning-by-doing suffers.

There are at least two important implications of abundant information and data. First, we are now living in the attention economy, in which human attention can be considered a scarce commodity. Companies must compete with each other more vigorously to draw customers’ attention to their products and services. They do smart adaptation and innovation as marketable hocus pocus to get customers’ focus. Second, we are also living in the age of immediacy. With quantitatively and qualitatively abundant information, people tend to demand immediate and faster reactions from companies in further developing their services and products according to the dynamics of needs and demands.

An Answer: Open Source Platforms

One of the innovations that successfully addresses these two challenges (pursuing attention while being rapidly updated) was the development of open source digital platforms, such as WordPress. Open source means a shorter learning curve, since developers and users can freely give feedback and suggestions, or even develop the platform further.

Ultimately, an open source platform like WordPress offers better resilience in our digital age, both for developers and for users. Resilience is the ability to become strong, healthy, or successful again after something bad happens. It’s about evolution in a sense: for example, the camel today is able to bear extremely hot weather because, over a hundred years of selection and evolution, she learned that it is good to keep all of her body fat in her humps and to be able to rehydrate faster than any other mammal.


WordPress design follows a faster line of evolution through open innovation, which makes it more resilient over time. Do you remember that WordPress version 1.0 had just introduced remark control back in January 2004, while version 1.2 three months later presented the Plugin Architecture? What big leaps, huh? And now, we are at WordPress 4.6.

Still, of course, the human psyche plays a key role in the advancement of WordPress as well. People tend to wait. On 16 August 2016, WordPress 4.6 became available, but many WP users prefer waiting for the ’x.y.1 patch’; others even wait for the first CVE against that version before updating their sites. When many WP admins decide to wait (the famous bandwagon effect), however, the learning-by-doing efficiency decreases. It may reflect a great deal of uncertainty among WP users over the reliability of updates as their pages become more complicated and complex.

Hacking, Ethical hacking, Mapping Vulnerabilities

Cautiousness is here to stay, since there is a tension pulling in that direction. WP admins like to maintain the attention of their users/customers by providing a sustainable platform. Admins do not like to see interruptions, whatever the reason; for example, they do not like to be hacked, which, in turn, can deter existing or prospective users/customers from using the WP site.

WP is a disruptive solution in the sense that it can be developed and used more cheaply than a fully individually coded and designed website. This is why the existence of WP may push more and more non-WP developers to test and demonstrate the problems with WP to the wider public in a more dedicated and active way. At this point, hacking and security issues arise.

Immediacy also applies to hacking activity: new attack code appears so frequently that analysing it manually is no longer plausible or meaningful. For instance, since WordPress shares the same code base, it is possible to hack the content management system through the content publication system. This suggests at least two things:

  1. The role of ’sandbox’ systems has been rapidly gaining in importance, since they are able to automatically detect and decipher the behaviour of malicious code by executing it dynamically. Another equally important side of this coin is the use of scanners available online, like WPScan, WPSploit, Plecost, Vane (GPL fork), metadefender clients or Cuckoo. Moreover, a Ruby framework is also available for developing and using modules which aid in the penetration testing of WordPress-powered websites and systems.
  2. Ethical hackers (skilled cyber security professionals who have authorization to hack on request) are also in greater and greater demand. For example, Hacking as a Service is already out there.

By building on at least these two, WP admins and users can get a more real-time and meaningful picture of what is really going on and what kinds of vulnerabilities they face when using WP. For mapping vulnerabilities in WP, the WPScan Vulnerability Database can also be very helpful.