Solving the WordPress Paradox with Polyscripting

By Archis Gore

Get all the strengths but none of the frailties

WordPress has gained a somewhat contradictory reputation. On one hand, it is the world’s favorite content management system (CMS), but on the other hand, it’s also the most commonly targeted and hacked CMS platform on the planet.

Let’s add some context to this paradox and explore what can be done to resolve it.

There’s no doubt that WordPress stands head and shoulders above its competition. It boasts a market share of over 63 percent, while all the other contenders have achieved less than a 5% share. At the same time, it is gaining even more momentum by being the most popular option for building online web stores. Nearly a third of all e-commerce now goes through WooCommerce, which is just one of the specialized digital transaction plugins available for WordPress.

The benefits of choosing WordPress are easy to understand. It has a well-earned reputation for being easy to use and highly customizable, with over 55,000 plugins and more than 3,500 themes or templates available. You can rapidly spin up a digital storefront with just the look, feel and features needed to appeal to your customers. Its open source heritage also helps keep costs under control and makes it easy to support.

This all sounds incredibly positive, right?

Well… yes and no.

We all know that popularity can be both a blessing and a curse. When it comes to WordPress, popularity has also made it the number one target for hackers. Up to 90% of all hacked and infected CMS websites are based on WordPress, and code or file injection attacks are consistently flagged as the top security risks. These are what hackers use to get access to customer data, steal credit card details, or hold businesses to ransom.

This doesn’t mean that WordPress is intrinsically unsafe. The challenge lies in keeping the entire ecosystem fully up to date and patched. 86% of WordPress security vulnerabilities come from the thousands of plugins and themes that make it so attractive to users. And that’s without the added worry of zero-day vulnerabilities that can be exploited in the wild before they are discovered and patched.

But enough of the doom and gloom.

What can be done about the situation?

Introducing Polyscripting for WordPress

Polyscripting technology is a brand-new and ground-breaking approach to cybersecurity.

It works by scrambling the syntax and grammar of an entire WordPress deployment. This includes the underlying PHP programming language and matching interpreter, along with all the application code, plugins, and themes that make WordPress so attractive. This effectively gives each website a unique instance of the programming language and an exclusive one-of-a-kind software stack.

The result is a rock-solid environment that is impervious to any remote code injection, file inclusion, or backdoor cyber-attacks that are the go-to techniques hackers use for compromising WordPress-powered websites and web stores. Better still, there is absolutely no impact on functionality, performance, or interoperability.
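A toy model of the scrambling idea described above, added here as an illustration and not taken from the Polyscripting product: each site gets a random keyword dictionary, trusted code is rewritten with it at deploy time, and a stand-in interpreter rejects code still written with standard keywords. The keyword subset, the `k_` token format, and the function names are assumptions made for this example.

```python
import re
import secrets

# Illustrative subset of PHP keywords (assumption; not the product's real list).
KEYWORDS = ["function", "return", "echo", "if", "else", "include", "eval"]

# Tokens: quoted strings, identifiers/variables, whitespace, any other character.
# Keeping strings and $variables whole means keywords inside them are not touched.
TOKEN = re.compile(
    r"""'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"|\$?[A-Za-z_]\w*|\s+|.""", re.S)

def new_dictionary():
    """Per-site mapping from each standard keyword to a random replacement."""
    return {kw: "k_" + secrets.token_hex(6) for kw in KEYWORDS}

def scramble(source, dictionary):
    """Rewrite trusted source at deploy time with the site's dictionary."""
    return "".join(dictionary.get(t, t) for t in TOKEN.findall(source))

def accepts(source, dictionary):
    """Toy stand-in for the matching interpreter: it knows only the scrambled
    keywords, so a standard keyword used as a bare token is a syntax error."""
    return not any(t in dictionary for t in TOKEN.findall(source))

# Constructed sample inputs.
TRUSTED = "<?php function greet($n) { if ($n) { echo 'if you return, ' . $n; } return 1; }"
INJECTED = "<?php echo 'injected'; ?>"  # standard PHP written without the dictionary

def demo():
    site = new_dictionary()
    deployed = scramble(TRUSTED, site)
    return accepts(deployed, site), accepts(INJECTED, site), deployed

if __name__ == "__main__":
    ok, injected_ok, deployed = demo()
    print(deployed)
    print("deployed code accepted:", ok)
    print("injected code accepted:", injected_ok)
```

The model is case-sensitive and ignores comments, whereas a real PHP lexer treats keywords case-insensitively, so it shows the principle only.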

Clarifying the cybersecurity conundrum

It’s clear that anyone hosting or using WordPress is asking for trouble by ignoring the need for enhanced cybersecurity.

Reports suggest that new websites come under attack less than a minute after going live, and the cost of a successful data breach is currently running at around $4 million per incident. WordPress remains a prime target for many of these attacks, with just one recent campaign resulting in over 2000 compromised websites.

Polyscripting technology would have provided total protection and immunity for every one of the organizations targeted and compromised in these attacks.

Hopefully, I’ve piqued your interest.

If you’d like to learn more about how Polyscripting for WordPress can help maximize WordPress strengths while avoiding the frailties, please click on any of the following links:
