Wordpress and Cybersecurity Series

Unless your attention has been firmly outside the internet lately, you will have noticed that cybercrime has reached nosebleed levels. Cybersecurity resources and agencies have profiled the various actors in this space far better than will be done here, and in motivation, the usual suspects are all there - money, notoriety, idle curiosity.


However, there is an increasingly geopolitical angle: state actors, government agencies, or free agents who act in the name of some ideology or philosophy. At the time of writing this, there are hot conflicts in Ukraine and the Middle East as well as cold ideological conflicts across social media platforms and political arenas.


This isn't a geopolitics exploration; however, after completing work to provide a simple web presence for a client, I have had to reflect on the evident increase in hostile and predatory automated technology on the internet. In particular, the geographic origins of that technology make it difficult to avoid connecting physical-world conflicts with those playing out in the cyber-world.


In an age of hybrid conflict, everyone on the internet is seemingly fair game. From the large mega-corporations, we expect to be high-profile targets to the small, ordinary cottage industry businesses: all are now acceptable targets. Targets for what precisely? The standard models of vandalism or extortion are not the only outcomes. Nodes on the internet can also be pocketed for future use and weaponised as nodes in a future distributed operation (attack).


Extensive cybersecurity measures are the minimum required for any professional web presence, regardless of the size of the organisation, community, or individual behind that presence. However, not all web platforms are well-suited to security hardening. WordPress is a great example for the wrong reasons. Born of a friendlier internet age, it is ubiquitous, easy to use, and targeted by cyberprobes like you would not believe. 


This series will cover some eclectic Wordpress configuration points that can remediate vulnerabilities, and consider the myriad of plugins which claim to help.