tony perez writing on Sucuri blog has posted an interesting article “WordPress Security – Cutting Through The BS” on WordPress security.
“The challenge begins with the end-user. Whether its a set of compromised credentials, installing a bad plugin, not monitoring comments, installing a bad theme, etc.. Then there are the instances of plugins, followed by themes that introduce new vulnerabilities into the environment. Perhaps the most notorious being the introduction of TimThumb via Themes and Plugins.”
Read full article at: http://blog.sucuri.net/2012/08/wordpress-security-cutting-through-the-bs.html