WordPress Security: OWASP 2017 – A3 Sensitive Data Exposure

Confidential data can be intercepted in transit (between the user and the application server). This is a significant risk when the data is personal or financial.

WordPress core has several mechanisms that mitigate this risk:

  • Use of the Portable PHP Password Hashing Framework for user passwords.
  • An integrated permission system that controls access to private data.
  • A front-end password strength meter that helps users measure their password strength.
  • Hints on how to improve a weak password.
  • An optional configuration that requires WordPress to use HTTPS.
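
Because the HTTPS requirement is optional, it is worth checking that a given site has actually turned it on. The following is an added example, not code from the original post or from WordPress: a small audit of `wp-config.php` text, assuming the HTTPS option refers to the `FORCE_SSL_ADMIN` constant together with the `WP_HOME` and `WP_SITEURL` URL constants. The sample configs and host name are constructed.

```python
import re

# define('NAME', value); with the value captured raw and normalised below.
DEFINE_RE = re.compile(
    r"""define\s*\(\s*['"](?P<name>\w+)['"]\s*,\s*(?P<value>[^)]*?)\s*\)\s*;""",
    re.IGNORECASE)

def parse_defines(php_source):
    """Return {CONSTANT: value} for active define() calls in wp-config.php text."""
    # Drop /* */ blocks and whole-line // or # comments so commented-out
    # settings are not mistaken for active ones.
    text = re.sub(r"/\*.*?\*/", "", php_source, flags=re.DOTALL)
    active = "\n".join(line for line in text.splitlines()
                       if not line.lstrip().startswith(("//", "#")))
    constants = {}
    for m in DEFINE_RE.finditer(active):
        raw = m.group("value")
        value = raw.lower() == "true" if raw.lower() in ("true", "false") else raw.strip("'\"")
        # PHP keeps the first definition of a constant; later ones are ignored.
        constants.setdefault(m.group("name"), value)
    return constants

def audit_https(php_source):
    """Return findings; an empty list means no plain-HTTP setting was found."""
    consts = parse_defines(php_source)
    findings = []
    if consts.get("FORCE_SSL_ADMIN") is not True:
        findings.append("FORCE_SSL_ADMIN is not true: login and wp-admin are not forced onto HTTPS")
    for name in ("WP_HOME", "WP_SITEURL"):
        url = consts.get(name)
        if url is not None and not str(url).lower().startswith("https://"):
            findings.append(f"{name} is not an https:// URL: {url}")
    return findings

# Constructed sample configs (hypothetical host name).
WEAK_CONFIG = """<?php
define('DB_NAME', 'wordpress');
// define('FORCE_SSL_ADMIN', true);
define('WP_HOME', 'http://blog.example.test');
define( 'WP_SITEURL', 'http://blog.example.test' );
"""
HARDENED_CONFIG = """<?php
define('DB_NAME', 'wordpress');
define('FORCE_SSL_ADMIN', true);
define('WP_HOME', 'https://blog.example.test');
define( 'WP_SITEURL', 'https://blog.example.test' );
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_https(cfg) or "HTTPS enforced by configuration")
```

When `WP_HOME` and `WP_SITEURL` are not defined in the file, WordPress takes the site URLs from its database settings, so those values need a separate check.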

Reference:

OWASP 2017 – A3 Sensitive Data Exposure
