OWASP Top 10 & WordPress Security

Please note: this post is incomplete & pending review.

OWASP, the Open Web Application Security Project, is a initiative to help educate, inform, and share information regarding the biggest threats to websites for developers.Β 

OWASP offers a Top 10 list of vulnerabilities and prevention, it is known as the de facto application security standard. So how does WordPress, the engine powering 30% of the internet, hold up against these vulnerabilities? How can we as plugin and theme developers take advantage of the functions, methods, and APIs WordPress created for these security? Let’s break down the list and take a closer look.

The Top 10 OWASP Risks & WordPress:

& More Vulnerabilities & Considerations outside of the Top 10 List:

  • Cross-Site Request Forgery (CSRF)
  • SSL/TLS
  • Open Redirects
  • Executing Commands

& some Security Tidbits to make your install and code more secure:

  • Hardening WordPress
  • WordPress Coding Standards & Security
  • WordPress Security Page
  • 6G Firewall 2018 / Block Bad Queries
  • Keeping up to date