One of the questions people ask most often about WordPress is, “Is WordPress secure?” No site is secure, but the reason WordPress sites are really insecure is the plugins and themes people download and put on their sites. As of WordPress 3.5.2, the core is secure enough that I can say I am not aware of any zero days. A zero day is an exploit that lets people hack a site and that needs to be patched as soon as possible.
We’ve decided to make WordPress plugins and themes secure. We are currently making our service even better and will post a link to a new article when it is ready. People may email us or post a comment on this post asking us to automatically scan a theme or plugin and see if it is secure. If it is, we will tell them that it is secure. If it isn’t, we will rename the plugin or theme, secure it, email the developer, and wait a whole week for the developer to reply to our email. If they refuse to release a secure version or don’t reply within a week, we will email WordPress and put the secure version of the plugin and/or theme up on our site until the developer releases a secure version. Once the developer makes an update that fixes the security holes, we will notify everyone who downloaded the secure version from us. If people continue to run insecure plugins, hackers end up noticing and making their site send out spam or defacing it.
This movement is to bring awareness to how insecure WordPress plugins and themes are, and how insecure code in general is, and to show people that they have options: they don’t have to unknowingly run insecure code on their site any longer. We’re on the job!