Does being Open Source make WordPress secure?
WordPress is an Open Source CMS, meaning both: vulnerabilities AND their patches are all visible to the WordPress community. So how does this make WordPress secure? If you studied in a more orthodox school, you might have dreaded tests, (at least I did.)
So when I first heard of the concept of Open Book tests, I thought it was a joke. I had a very similar reaction to what I learned about WordPress’ transparent security model, because I couldn’t even begin to understand how declaring weaknesses could be good for security.
But despite my opinions of what security should work like, WordPress is not only one of the most secure CMSes in the world, it’s also the most popular. How does the platform manage this feat?
WordPress is the most popular CMS in the world
Security through transparency
A concept that most Open Source CMSes use, security through transparency means that every vulnerability, (and its patch) is disclosed to the community using the CMS.
News about an attack not only alerts users of vulnerabilities, it also lets hackers know exactly what is vulnerable and how. The situation can be compared to a pharmacist seeing your prescription and having an idea of the
Source: https://managewp.org/articles/13800/does-being-open-source-make-wordpress-secure
source https://williechiu40.wordpress.com/2016/11/08/does-being-open-source-make-wordpress-secure/