Hey there, folks!

Couple days back, some ginormous hacker assaults occurred on WordPress CMS-powered sites, aiming at certain plugins and themes. Last time, I faced a genuine hack and redirect to a virus/adverts site.

Strange, but seem like I missed it or there ain't many such instances, hackers truly target plugins and themes, not WordPress core. Is WordPress core genuinely that secure, hardly ever attacked, or just an illusion?

WordPress core, that's the main software you download from WordPress.org, it's pretty darn secure. The folks behind WordPress, they're always on top of things. They've got a massive community of developers, and they're always patching up any security holes they find, usually within a day or two. That's why you see those automatic updates, they're not just for fun, you know.

But here's the thing, WordPress is like a city. The core is the city hall, it's secure, it's well-maintained. But then you've got all these plugins and themes, they're like the houses and shops in the city. Some are well-built, some are shoddy. And guess where the hackers go? They don't bother with the city hall, it's too well-guarded. They go for the houses and shops, the ones with the loose bricks and open windows.

Now, you might be thinking, "But why don't they just fix their plugins and themes?" Well, that's a fair question. The thing is, not all plugin and theme developers are as diligent as the WordPress core team. Some are one-man shows, some are big companies, but not all of them have the resources or the know-how to keep their stuff as secure as it should be. And even if they do, sometimes they just miss something, and that's all a hacker needs.

So, when you ask if WordPress core is genuinely that secure, hardly ever attacked, well, it's mostly true. But it's not the whole story. The real target is often the plugins and themes. That's why you see so many warnings about keeping your plugins and themes up to date. It's not just about getting new features, it's about keeping your site secure.

And another thing, don't think that just because you've got a small site, you're not a target. Hackers don't care about the size of your site, they care about the size of the hole you've left open. So, always keep your stuff up to date, use strong passwords, and don't install anything unless you're sure it's from a reputable source. That's the best way to keep the hackers at bay.

How come WordPress is still so vulnerable? You'd think by now they could develop and test it to eliminate these gaps. And those plugins? Who knows how or who even writes them! It's like anyone can just throw something together without proper checks. This makes maintaining a secure site quite challenging, especially when you rely on third-party tools.

Plugins tend to be more vulnerable to hacking, and WordPress itself is frequently releasing new updates. This is because plugins are often developed by third-party creators, who might not always follow the best security practices.

WordPress, on the other hand, has a dedicated team working on security patches and improvements. It's crucial to keep both the core and plugins updated to minimize risks.