Nowadays almost all businesses use websites as a standard means of promoting their products and services and interacting with customers. The emergence of Content Management Systems (CMS) gave the opportunity even to small companies to create impressive and functional websites at an affordable cost. According to latest usage metrics, WordPress is the most popular CMS, having 59.5% of the CMS market, or 26.4% of all websites. This is almost 260 million websites!
Due to its popularity, WordPress is an often target for hackers, who may attempt to retrieve sensitive information or cause website crash and damages. A very representative example is the Panama Papers case, where confidential information wasstolen from a badly maintained insecure WordPress website.
Although the default WordPress interface and theme offer a high level of security, they are not enough for building a good looking and fully featured website. The power of WordPress and the reason of its success is the huge variety of themes and plugins that can be easily selected and installed in a website even by novice users. However, they may compromise security by leaving open back-doors to hackers or by ignoring WordPress directives related to this matter.
File upload functionality is important for many companies / individuals who rely their offered services and relationships with their customer to exchange of files. WordPress does not offer this functionality by default, so a plugin is required. However, a file upload plugin may impose important security risks to the website if it is not equipped with adequate protection measures against hackers and other external threats.
Fortunately WordPress File Upload, a file upload plugin that offers many file upload and file view features and capabilities, has taken security very seriously. A comprehensive article that describes in detail what security measures have been adopted by the plugin to protect against all possible threats has been published by Iptanus.