I was under the impression that Wordpress was the poster child for bad security? Not necessarily because it has bad security itself, (though it may be a bit like flash and java in that regard also?) but that the average Wordpress "site admin" bought it as a point-click-install and has below-average skills to maintain the site and make sure updates get applied. Would this be a fair assumption? Wordpress lets people that are otherwise incapable of running a secure web site actually go ahead and try to run one anyway? (at least 80% of the phishing I see have bait clicks that direct to a lookalike web site hosted on someone's hacked wordpress site, and omg I am soooo tired of seeing gsx phishing, Apple must have leaked their email list, I was getting a gsx phish TWO PER DAY for weeks, it's down to one every other day now)
