Wordpress is a free Content Management System that allows you to create and manage websites very simply and does not require any special technical knowledge. Very popular with bloggers, it is used by 17 million websites, making it the market leader.
The tool offers a whole range of plugins made by individual or professional developers, for free or not, allowing to add features to your website. In 2016, the Content Management System offered over 46,000 plugins on its download platform.
Being the most widely used CMS in the world, Wordpress is frequently targeted by hackers. Wordpress is Open Source which means that the community can participate in its development and improvement. When there is a development on the core of the software, the code is first analyzed by professionals before being published online. However, not all plugins and themes are subject to this type of verification and are therefore potentially vulnerable. Imagine the consequences that could cause a security vulnerability on Wordpress, many websites would be affected.
In February 2017, website owners using the famous CMS, saw their website attacked by hackers. Following the discovery of a vulnerability in the Wordpress REST API version 4.7.2, more than 1.5 million pages were destroyed. This is a large-scale attack as Feedjit (Editor of the Wordfence security plugin) reported having more than 20 different attack signatures. The number of websites affected by this attack is over 40,000, knowing that a website has potentially several pages which can be impacted. An update has been released by Wordpress developers to correct this vulnerability. However, as long as the update is not installed the website will remain vulnerable to attacks.
HTTPCS experts developed a plugin to identify and validate website. Once validated, it can be analyzed by our vulnerabilities detection technology. Aware of the impact caused by the vulnerabilities present in the CMS, our tool will enable you to ensure the security of your website despite the multiple updates of themes, plugins and the software itself. Do not wait to be victim of an attack to protect your website. Take a proactive approach using HTTPCS technology.
Our "HTTPCS Validation" plugin is available for free on the CMS "market place". Once installed you will have to fill in some informations about your contact details. The plugin will make a unique file on your server which will allow the HTTPCS service to validate your website. This identification file is essential to our technology. Without it, you will not be able to launch the vulnerability scanner.