WordPress.org

Acerca de

Seguridad

Seguridad

We take the security of the WordPress project and the ecosystem seriously. With over 20 years of history and powering more than 43% of the web, we're committed to ensuring security for all, from solo bloggers to enterprise organizations.

WordPress encourages responsible disclosure of vulnerabilities in WordPress core, in plugins and themes available on WordPress.org, or in the wider WordPress ecosystem.

If you believe you have found a vulnerability in WordPress, please keep it confidential and report it to the WordPress Security Team.

If you believe you have found a vulnerability in a WordPress plugin or theme available on WordPress.org, please keep it confidential.

Our process

The WordPress project is committed to providing a stable, secure, trusted platform for more than 43% of the web. The core WordPress software development lifecycle includes code review throughout the process, with open-source contributions reviewed by trusted committers.

The WordPress Security Team works to identify and resolve security issues across the WordPress core software, harden the software against threats such as the OWASP Top Ten, and provide guidance across the ecosystem.

In addition to more than 50 trusted experts, including lead developers, security researchers, and key contributors to every component of WordPress, sponsored members of the Security Team dedicate time to identifying and addressing concerns in the software and ecosystem.

To address responsibly-disclosed security vulnerabilities, the Security Team works to develop fixes, create robust test cases, and release those fixes in bugfix releases. While only the latest version of WordPress is officially supported, the Security Team also backports fixes to older versions as a courtesy, to ensure older sites receive critical security fixes via auto-updates.

The Security Team also works directly with significant web hosting operators and security ecosystem providers to detect and mitigate threats to WordPress-based sites, including coordinating release rollouts and developing web application firewall (WAF) mitigations.

Learn more about the WordPress project's security stance in our whitepaper.

Plugin Developers

La Guía de seguridad del Manual de APIs Comunes es tu guía de referencia para los principios de desarrollo seguro.

Si pensás que identificaste un problema de seguridad en tu propio plugin, el equipo de plugins de WordPress está acá para ayudarte.

Más información sobre cómo abordar los problemas de seguridad en tu plugin.

Desarrolladores de temas

La Guía de seguridad del Manual de APIs Comunes es tu guía de referencia para los principios de desarrollo seguro.

Si pensás que identificaste un problema de seguridad en tu propio tema, el equipo de revisión de temas de WordPress está acá para ayudarte.

Más información sobre cómo abordar los problemas de seguridad en tu tema.

Alojamientos web

La Guía de seguridad del manual de administración avanzada contiene información clave sobre cómo proteger tu entorno de alojamiento.

También recomendamos encarecidamente publicar una política de divulgación responsable propia.