> Out-of-date and improperly configured software being at-risk to canned exploits is nothing new
Yeah, but this is not the case here. The software isn't out of date or improperly configured, the software works as intended, it's just full of exploits that will never be patched. To be fair, WordPress itself is secure. His blog was hacked because he used a third-party plugin that had a known but unpatched exploit.
Here's 100 WordPress exploits, found from the exploit search on metasploit.com - looks a lot like it's all plugins and themes (I haven't checked exhaustively):
which gives attackers huge attack surfaces because of WP's popularity. I'm guessing less than 5% of WP users probably sandbox and properly test their plugins before using them too.
Just by not using WP, you effectively reduce the attack surface of your site or blog immensely. Just self hosting your blog or site would be significantly safer than using WP.
Full disclosure: I've never liked WP from the start and probably never will for a myriad of reasons.