WordPress Security: OWASP 2017 - A3 Sensitive Data Exposure
Confidential data can be intercepted in transit between the user and the application server. The risk is greatest when the data is personal or financial.
WordPress core has several mechanisms that mitigate this risk:
- Use of the Portable PHP Password Hashing Framework (phpass) for user passwords.
- An integrated permission system that controls access to private data.
- A front-end password strength meter that helps users gauge the strength of their password.
- Hints on how to improve a weak password.
- An optional configuration that requires WordPress to use HTTPS.
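To show what the first bullet means in practice, here is an added Python re-implementation (not code from this page or from WordPress) of the portable `$P$` hash format that phpass produces and WordPress stored for years, together with a verifier; the default round count of 2^13 (the `B` character) matches what WordPress core used. The salt and passwords in the test are constructed sample values.

```python
import hashlib
import hmac
import os

# phpass alphabet: a character's index is its 6-bit value (not RFC 4648 base64).
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def _encode64(raw: bytes, count: int) -> str:
    """phpass encoding: little-endian, 3 bytes to 4 chars, no padding."""
    out, i = "", 0
    while i < count:
        value = raw[i]
        i += 1
        out += ITOA64[value & 0x3F]
        if i < count:
            value |= raw[i] << 8
        out += ITOA64[(value >> 6) & 0x3F]
        if i >= count:
            break
        i += 1
        if i < count:
            value |= raw[i] << 16
        out += ITOA64[(value >> 12) & 0x3F]
        if i >= count:
            break
        i += 1
        out += ITOA64[(value >> 18) & 0x3F]
    return out

def _crypt_private(password: bytes, setting: str) -> str:
    """Recompute the hash under the round count and salt embedded in `setting`."""
    bad = "*1" if setting.startswith("*0") else "*0"  # can never equal a stored hash
    if len(setting) < 12 or setting[:3] not in ("$P$", "$H$"):
        return bad
    count_log2 = ITOA64.find(setting[3])  # 4th char encodes log2 of the MD5 rounds
    if not 7 <= count_log2 <= 30:
        return bad
    digest = hashlib.md5(setting[4:12].encode() + password).digest()
    for _ in range(1 << count_log2):
        digest = hashlib.md5(digest + password).digest()
    return setting[:12] + _encode64(digest, 16)

def hash_password(password: str, count_log2: int = 13, salt=None) -> str:
    """Portable hash; WordPress used count_log2 = 13 ('B'), i.e. 8192 MD5 rounds."""
    salt = salt if salt is not None else os.urandom(6)  # 6 bytes -> 8 salt chars
    return _crypt_private(password.encode(), "$P$" + ITOA64[count_log2] + _encode64(salt, 6))

def check_password(password: str, stored: str) -> bool:
    """Recompute with the stored parameters and compare in constant time."""
    return hmac.compare_digest(_crypt_private(password.encode(), stored).encode(), stored.encode())
```

Because the round count travels inside the hash, a stored hash can be re-hashed with a higher count on the next successful login; recent WordPress releases have moved core hashing to bcrypt, so treat `$P$` hashes as a legacy format.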
Reference: