What are WordPress Vulnerabilities and Threats?

Sep 18, 2022

You may be wondering why I’m using pictures of Jenga towers. They’re a great way of showing the difference between vulnerabilities and threats.

Understanding vulnerabilities

A vulnerability is a weakness that could be exploited. You can view a longer definition in the NIST glossary.

In the game of Jenga, the main vulnerabilities are the missing blocks in the tower.

Here are a few examples of potential vulnerabilities in WordPress sites:

  • Contact form plugins not sanitising submitted data properly, leaving sites vulnerable to cross-site scripting (XSS).
  • Users choosing poor passwords that can be easily guessed.
  • Developers making mistakes when changing settings on your site.
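To make the first bullet concrete, here is an added example (not code from the original post or from any real plugin): a minimal contact-form shortcode handler in its vulnerable form, followed by a hardened version that sanitises on input and escapes on output. It assumes it lives in a WordPress plugin file; the function names, shortcode names and field names are hypothetical.

```php
<?php
// Added example, not from the original post. Assumes WordPress is loaded
// (plugin context); cf_* names and the "cf_name" field are hypothetical.

// VULNERABLE: the submitted value is written straight back into the page.
// Anything containing markup in "cf_name" is rendered as HTML, which is
// the cross-site scripting weakness the post refers to.
function cf_vulnerable_shortcode() {
    $name = isset( $_POST['cf_name'] ) ? $_POST['cf_name'] : '';
    return '<form method="post">'
        . '<input name="cf_name" value="' . $name . '">'
        . '<button>Send</button></form>'
        . '<p>Thanks, ' . $name . '</p>';
}

// HARDENED: sanitise on input, escape on output for the right context,
// and require a nonce so the form only accepts submissions it issued.
function cf_hardened_shortcode() {
    $name = '';
    if ( isset( $_POST['cf_name'], $_POST['cf_nonce'] )
        && wp_verify_nonce( sanitize_key( $_POST['cf_nonce'] ), 'cf_submit' ) ) {
        // wp_unslash() removes the slashes WordPress adds to request data;
        // sanitize_text_field() strips tags, line breaks and control chars.
        $name = sanitize_text_field( wp_unslash( $_POST['cf_name'] ) );
    }

    $html  = '<form method="post">';
    // Hidden nonce field; the last argument returns it instead of echoing.
    $html .= wp_nonce_field( 'cf_submit', 'cf_nonce', true, false );
    // esc_attr() for an attribute value, esc_html() for element text.
    $html .= '<input name="cf_name" value="' . esc_attr( $name ) . '">';
    $html .= '<button>Send</button></form>';
    if ( '' !== $name ) {
        $html .= '<p>Thanks, ' . esc_html( $name ) . '</p>';
    }
    return $html;
}

// Only the hardened handler is registered; the vulnerable one is shown
// purely for comparison.
add_shortcode( 'cf_hardened', 'cf_hardened_shortcode' );
```

Placing `[cf_hardened]` in a page renders the form; sanitising alone is not enough, since the output context (attribute versus element text) decides which escaping function applies.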

Vulnerabilities don’t exploit themselves. This is where threats come in.

But first, threat actors…

A threat actor is a person or group of people who can exploit a vulnerability. In the game of Jenga, each player is a threat actor. If several opponents teamed up, they could work together to cheat.

Understanding threats

A threat is something which can exploit a vulnerability.

In our Jenga game, a few examples of threats are:

  • opponents kicking the table
  • wind or air movement
  • earthquakes (an extreme example but they’re still a threat!).

On a WordPress site, examples of threats include:

  • bots brute forcing the login form with common passwords
  • targeted attacks from individuals
  • targeted attacks from organisations.