The accessibility of the open source platform obviously cuts both ways. It’s highly accessible for users to create a website, in some cases without coding knowledge or the assistance of developers, but it’s also highly accessible to more unscrupulous individuals with nefarious intentions.
The latest cryptocurrency mining malware epidemic is reported to have infected nearly 50,000 sites with crypto-jacking scripts (Bad Packets Report). Of those, it would seem that at least 7,368 are powered by WordPress.
As the owner of any internet connected device, how do you know if your phone, tablet or computer is infected? A clear indication is a decrease in performance, with a sharp increase in CPU usage, devices running hot and impeded battery life.
How can you stop your CPU resources being hijacked by these crypto-jacking scripts? The advice is to install a content blocker that deals with cryptojacking. The most well-known blocker plugin is NoCoin which is available for Firefox, Chrome, and Opera.
It is the responsibility of WordPress site owners (and their development agencies where used) to ensure that they keep up to date with known vulnerabilities, applying security patches, platform and theme updates as they are made available. Although these preventative measures can help to secure your WordPress site (in addition to various server-side measures such as firewalls etc.), there is no single, one-time foolproof security solution for the platform.
As an agency with our own proprietary CMS, developed specifically for the needs of the NFP sector, we are well versed in the open-source vs proprietary debate. We commonly have discussions with potential NFP clients about the benefits and drawbacks. As we also develop commercial ecommerce sites on the open source Magento platform we experience both sides of the story. It’s about matching the most appropriate solution to your business needs.
Whilst the old Benjamin Franklin saying ‘the only certainties in life are death and taxes’ may hold true, there is no escaping the inherent risk of being online. The internet was developed as an open network, to facilitate the flow of information between computers. Why do we accept this level of risk in our day-to-day lives? Because the perception is that measure of the benefits outweighs the risks for most people, for the majority of the time. Possibly a more relevant question is why are we surprised when security issues arise!?!