WordPress Security: OWASP 2017 - A3 Sensitive Data Exposure

Confidential data can be intercepted in transit between the user and the application server. The risk is greatest when the data is personal or financial.

WordPress internals have several mechanisms that mitigate this risk:

  • Use of the Portable PHP Password Hashing Framework to hash user passwords
  • An integrated permission system that controls access to private data
  • A front-end password strength meter that helps users measure their password strength
  • Hints on how to strengthen a weak password
  • An optional configuration requiring WordPress to use HTTPS
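
The HTTPS option in the last item is set in `wp-config.php`. The following Python check is an added example, not code from the original article or from WordPress: it audits the text of a config file for the `FORCE_SSL_ADMIN`, `WP_HOME` and `WP_SITEURL` constants. The function names and both sample configs are constructed for illustration.

```python
import re

# Matches define( 'NAME', value ); and captures the name and the raw value.
DEFINE_RE = re.compile(
    r"""define\s*\(\s*['"](?P<name>\w+)['"]\s*,\s*(?P<value>[^)]*?)\s*\)\s*;"""
)

def parse_defines(src):
    """Return {constant: raw value} for the active define() calls in src."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)  # drop block comments
    # Simplification: only whole-line // and # comments are dropped, so the
    # "//" inside URL strings is left alone.
    lines = [l for l in src.splitlines() if not l.lstrip().startswith(("//", "#"))]
    defines = {}
    for m in DEFINE_RE.finditer("\n".join(lines)):
        # PHP keeps the first definition of a constant; later ones are ignored.
        defines.setdefault(m["name"], m["value"].strip())
    return defines

def audit_https(src):
    """Return a list of findings; an empty list means the checks passed."""
    defs = parse_defines(src)
    findings = []
    if defs.get("FORCE_SSL_ADMIN", "").lower() not in ("true", "1"):
        findings.append("FORCE_SSL_ADMIN is not enabled")
    for name in ("WP_HOME", "WP_SITEURL"):
        value = defs.get(name)
        if value is not None and not value.strip("'\"").lower().startswith("https://"):
            findings.append(f"{name} is not an https:// URL")
    return findings

# Constructed sample configs (not taken from a real site).
WEAK = """<?php
// define('FORCE_SSL_ADMIN', true);
define('WP_HOME', 'http://blog.example.test');
define( 'WP_SITEURL', 'http://blog.example.test' );
"""
HARDENED = """<?php
define( 'FORCE_SSL_ADMIN', true );
define( 'WP_HOME', 'https://blog.example.test' );
define( 'WP_SITEURL', 'https://blog.example.test' );
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_https(cfg) or "OK")
```

A commented-out `define` counts as absent, and a site that sets its URLs in the database rather than in `wp-config.php` needs those values checked separately.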


