A 2024 Introduction to WordPress Security for Enterprise Decision Makers

In today’s digital age, WordPress has emerged as the leading Content Management System (CMS), powering an extensive array of websites across the globe. From small blogs to large-scale enterprise websites, WordPress’s flexibility, ease of use, and robust feature set make it the preferred choice for content management. Its dominance is not just a testament to its capabilities but also highlights its importance in the fabric of the internet. As of 2024, WordPress continues to command a significant portion of the web, making it a critical platform for businesses and content creators alike.

However, with great popularity comes great scrutiny—especially from the perspective of security. For enterprise WordPress sites, which often hold sensitive data and serve a large user base, security is not just a concern; it’s paramount. The stakes are incredibly high, as breaches can lead to significant financial losses, damage to brand reputation, and loss of customer trust. In an era where cyber threats are increasingly sophisticated and relentless, ensuring the security of a WordPress site is an ongoing challenge that requires constant vigilance and a proactive approach.

Drawing insights from the Wordfence 2023 State of WordPress Security Report, we gain a comprehensive view of the security landscape that WordPress sites face today. The report, a culmination of extensive research and analysis, sheds light on the evolving nature of threats, the prevalence of vulnerabilities within the WordPress ecosystem, and the implications these security challenges have for businesses. Through this lens, we are not only able to understand the current state of WordPress security but also derive actionable recommendations to safeguard sites against potential threats.

This blog post aims to serve as a primer for enterprise decision-makers, outlining why WordPress security should be a top priority and how to navigate the complexities of protecting your online presence. By leveraging the data and metrics from the Wordfence 2023 report, we’ll explore key vulnerabilities, examine trends in cyber attacks, and discuss best practices for maintaining a secure WordPress environment. Whether you’re managing a single site or overseeing a portfolio of WordPress sites for your enterprise, this guide is designed to equip you with the knowledge and tools needed to fortify your defenses and ensure the integrity of your digital assets.

Key Takeaways

Before we dive in, below is an executive summary:

  • WordPress Dominance: WordPress stands as the premier Content Management System (CMS), empowering a vast spectrum of websites worldwide (over 42.3% of all websites run WordPress). Its unmatched flexibility, ease of use, and comprehensive feature set solidify its status as the backbone of digital content management.
  • Security Imperative: With WordPress’s widespread adoption comes the heightened scrutiny of security. Enterprises managing WordPress sites must prioritize security measures to protect sensitive data and maintain user trust. The consequences of security lapses—ranging from financial losses to reputational damage—are too significant to ignore.
  • Insightful Analysis: The Wordfence 2023 State of WordPress Security Report provides an in-depth look at the security landscape facing WordPress sites, highlighting evolving threats and vulnerabilities. This analysis is crucial for understanding current risks and formulating effective countermeasures.
  • Proactive Security Measures: Ensuring WordPress security demands ongoing vigilance and a proactive strategy. Regular updates, comprehensive security solutions like Web Application Firewalls (WAF) and malware scanning tools, and the employment of best practices are fundamental to maintaining a secure WordPress environment.
  • Vulnerability Management: The distinction between vulnerabilities and exploits is key to security management. Enterprises must stay informed about common vulnerabilities, such as XSS and CSRF, and the critical role plugins and themes play in security breaches.
  • Themes and Plugins: A marked increase in attacks targeting vulnerabilities in themes and plugins was noted. Enterprises should be aware of and mitigate against this by exercising caution regarding which plugins and themes they install, and the maintenance and updating of the same.
  • Attack Trends Awareness: Recognizing prevalent attack methods, including credential stuffing and XSS attacks, is essential for crafting robust defense strategies. Educating teams and users on potential threats and preventive measures further strengthens security.
  • Advanced Security Strategies: Beyond foundational security practices, enterprises should explore advanced strategies, including engaging in vulnerability bounty programs and partnering with security experts. Securing the hosting environment and implementing strategies to combat sophisticated attacks are also vital.
  • Security Hardening: using expert consultants, like Silicon Dales, WordPress can be significantly hardened to make vulnerabilities being exploited in your context unlikely.
  • Ongoing Engagement: Security is a continuous endeavor that requires regular assessment and adaptation to emerging threats. Enterprises are encouraged to evaluate their WordPress sites’ security posture and seek professional security services or consultations for tailored advice and support.
  • Utilize Available Resources: A wealth of resources is available to enhance WordPress security knowledge and implementation. From official WordPress guides to security plugins and professional consultations, leveraging these tools can significantly improve your site’s security.

This guide is designed to equip enterprise decision-makers with the insights and tools necessary to navigate the complexities of WordPress security. By taking proactive steps and engaging with the broader security community, enterprises can ensure their WordPress sites remain secure, reliable, and trusted by users.

WordPress is Dominant

Over 42.3% of all websites use WordPress. Of those that use a known CMS, this number rises to over 62.8% of websites. See the source for that data here. Such dominance means that WordPress has a lot of available code, and many many available developers, making it relatively cost effective solution. However, with so much code out there, not all of it is built the same. Secure WordPress websites control what code is deployed alongside Core WordPress.

Understanding the WordPress Security Landscape

The landscape of WordPress security is as dynamic as it is challenging. In 2023, the WordPress community witnessed an unprecedented scale of vulnerabilities and attacks, underscoring the need for heightened security measures and awareness. Drawing from the Wordfence 2023 State of WordPress Security Report, let’s delve into the critical statistics and evolving threats that have shaped the current security environment for WordPress sites.

Key Statistics and the Scale of Vulnerabilities

In 2023, the WordPress ecosystem faced a staggering number of disclosed vulnerabilities, significantly surpassing previous years’ figures. The Wordfence report tracked a total of 4,833 vulnerabilities across WordPress core, plugins, and themes, marking a substantial increase from 2022. Among these, Cross-Site Scripting (XSS) vulnerabilities were the most prevalent, with 1,963 instances reported. This category alone accounted for a significant portion of the overall vulnerabilities, highlighting the persistent challenge XSS poses to WordPress security.

Cross-Site Request Forgery (CSRF) and SQL Injection (SQLi) vulnerabilities also saw notable upticks, with CSRF vulnerabilities nearly tripling compared to the previous year. These vulnerabilities not only underscore the variety of attack vectors that adversaries exploit but also the critical need for comprehensive security strategies that address multiple facets of web application security.

The Evolution of Threats from 2022 to 2023

The transition from 2022 to 2023 has been marked by an evolution in both the sophistication and diversity of threats targeting WordPress sites. While credential stuffing attacks remained a significant threat, accounting for a substantial portion of all attacks, there was a noted decrease in their frequency, thanks to concerted efforts by law enforcement and the cybersecurity community. However, this decline was offset by an increase in other types of attacks, particularly those leveraging XSS vulnerabilities, as techniques exploiting these weaknesses became more mainstream.

Moreover, 2023 witnessed a surge in attacks focusing on exploiting vulnerabilities within plugins and themes, reflecting a shift in attacker tactics towards targeting less secure components of the WordPress ecosystem. This trend emphasizes the critical importance of maintaining up-to-date plugins and themes, alongside the core WordPress installation, to mitigate potential entry points for attackers.

The report also highlighted new trends in malware and attack strategies, including a notable shift towards attacks aiming to compromise entire web hosting environments. This broader approach by attackers underscores the evolving nature of cyber threats, where adversaries seek to maximize their impact by targeting the underlying infrastructure of WordPress sites, beyond the sites themselves.

In summary, the WordPress security landscape in 2023 presents a complex picture of escalating threats and vulnerabilities. The data and insights from the Wordfence 2023 report serve as a stark reminder of the ongoing battle against cyber adversaries and the imperative for enterprise decision-makers to adopt a proactive and comprehensive approach to WordPress security. Understanding these trends is the first step towards fortifying your WordPress sites against the ever-evolving threats they face in the digital realm.

The Significance of Vulnerabilities in WordPress

In navigating the complexities of WordPress security, it’s essential to distinguish between vulnerabilities and exploits and understand how these concepts play into the broader security landscape. This understanding is foundational for enterprise decision-makers aiming to mitigate risks and safeguard their WordPress installations.

Explanation of Vulnerabilities vs. Exploits

Vulnerabilities in WordPress are essentially flaws or weaknesses in the system that can be leveraged by attackers to gain unauthorized access or cause harm. These vulnerabilities are theoretical in nature until they are actively exploited by attackers. Exploits, on the other hand, are the techniques or code that attackers use to take advantage of vulnerabilities, turning a potential risk into an actual attack. The distinction is crucial because not all vulnerabilities will be exploited, but all exploits rely on existing vulnerabilities.

Overview of the Most Common Types of Vulnerabilities in 2023

In 2023, the WordPress ecosystem saw a diverse range of vulnerabilities, with some types being more prevalent and impactful than others. Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) stood out due to their frequency and the severity of the risks they pose to businesses. XSS vulnerabilities allow attackers to inject malicious scripts into web pages viewed by users, potentially leading to unauthorized access to sensitive information or spreading malware. CSRF attacks trick users into executing unwanted actions on a web application in which they’re authenticated, compromising the integrity of interactions with the affected site.

Both XSS and CSRF vulnerabilities can have significant consequences for businesses, including data breaches, loss of customer trust, and financial damages. The prevalence of these vulnerabilities highlights the necessity for continuous monitoring, timely updates, and the implementation of robust security measures to protect against potential exploits.

The Role of Plugins and Themes in Security Breaches

Plugins and themes are integral to the WordPress ecosystem, offering extensive customization and functionality to websites. However, they also represent one of the most significant security challenges. In 2023, vulnerabilities within plugins and themes were responsible for the majority of security issues in the WordPress ecosystem, underscoring their role in security breaches.

The complexity and sheer number of available plugins and themes mean that maintaining security across these components is a daunting task. Vulnerabilities in these areas are particularly concerning because they can be exploited across multiple sites, amplifying the impact of an attack. For enterprises, this emphasizes the importance of vigilant security practices, including vetting plugins and themes for security issues, keeping them up to date, and removing or replacing those no longer maintained by their developers.

In conclusion, understanding the nature and significance of vulnerabilities within WordPress is critical for enterprise decision-makers. By recognizing the most common types of vulnerabilities and the role of plugins and themes in security breaches, enterprises can better prepare and protect themselves against the evolving landscape of cyber threats.

Attack Trends and Their Implications for Enterprises

The cybersecurity landscape is ever-evolving, with attackers continuously refining their methods and discovering new vulnerabilities to exploit. The Wordfence 2023 State of WordPress Security Report unveils critical insights into the most prevalent attack methods targeting WordPress sites, highlighting the importance for enterprises to adapt their defense strategies accordingly. This understanding is pivotal in fortifying your WordPress installations against potential security breaches.

Summary of the Most Prevalent Attack Methods in 2023

The year 2023 saw a diverse array of attack vectors being exploited by cyber adversaries, with some methods seeing a significant uptick in activity:

  • Credential Stuffing: Despite a noted decrease in frequency thanks to global crackdowns on botnets, credential stuffing attacks remained a substantial threat. These attacks leverage previously breached username and password combinations, targeting sites en masse in the hopes of finding matches. Enterprises with a large user base are particularly vulnerable to such attacks, as the sheer volume of attempts increases the likelihood of a successful breach.
  • Cross-Site Scripting (XSS) Attacks: XSS vulnerabilities saw a dramatic rise in exploitation as attackers became more adept at using these flaws to inject malicious scripts into websites. These scripts can steal cookies, hijack sessions, or deface websites, leading to data breaches and compromised user trust. The widespread nature of XSS vulnerabilities, particularly in plugins and themes, underscores the need for rigorous input validation and sanitization practices.
  • Cross-Site Request Forgery (CSRF): CSRF attacks, which trick a user into executing unintended actions on a website where they’re authenticated, also saw a notable increase. These attacks can lead to unauthorized changes in user settings, data theft, and other malicious outcomes. Protection against CSRF requires a thoughtful approach to web application security, including the use of anti-CSRF tokens and strict same-origin policies.

The Importance of Understanding Attack Vectors for Better Defense Strategies

For enterprises, understanding the nuances of these attack vectors is not just a technical necessity; it’s a strategic imperative. The first step in defending against these attacks is recognizing the specific threats they pose and the vulnerabilities they exploit. This knowledge enables businesses to prioritize security measures, such as regular vulnerability assessments, timely patch management, and the implementation of robust security plugins and firewalls.

Moreover, educating staff and users about the risks and signs of such attacks can significantly reduce the chances of successful exploitation. Training programs should include information on recognizing phishing attempts, the importance of using strong, unique passwords, and the necessity of multi-factor authentication (MFA) to add an additional layer of security.

Ultimately, the goal is to create a comprehensive security posture that addresses not only the technical defenses but also the human elements of cybersecurity. By staying informed about the latest attack trends and their implications, enterprises can develop more effective defense strategies, making their WordPress sites less attractive targets for cybercriminals.

WordPress Core, Plugins, and Themes: A Security Analysis

The security of a WordPress website is only as strong as its weakest link. While the core software is maintained by a dedicated team of developers committed to keeping it secure, the open-source nature of the ecosystem means that vulnerabilities can and do arise. The expansiveness of this ecosystem, including the vast array of plugins and themes available to users, introduces additional complexities to maintaining a secure WordPress environment.

Analysis of WordPress Core Vulnerabilities and Their Severity

The WordPress core is designed with security in mind, undergoing regular updates and patches to address known vulnerabilities. In 2023, the Wordfence report documented a relatively small number of vulnerabilities directly within the WordPress core compared to those found in plugins and themes. However, the impact of core vulnerabilities can be significant, potentially affecting millions of sites worldwide. These vulnerabilities ranged in severity, but thanks to the swift response from the WordPress security team, patches were quickly released to mitigate risks. This underscores the importance of keeping the WordPress core updated to the latest version.

The Disproportionate Role of Plugins and Themes in Introducing Vulnerabilities

While the core of WordPress remains relatively secure, the same cannot always be said for plugins and themes. In 2023, a substantial majority of the vulnerabilities reported were within these components. This is not entirely surprising, given the sheer number of plugins and themes available—each with its own development and maintenance practices. The diversity and abundance of these add-ons are what make WordPress so versatile and popular, yet they also represent the platform’s most significant security challenge.

Plugins and themes can introduce vulnerabilities for several reasons, including lack of regular updates, poor coding practices, or abandonment by the developers. The Wordfence report noted that Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) were particularly prevalent in these components, illustrating the need for rigorous security reviews and updates by plugin and theme developers.

Case Studies or Examples of Significant Vulnerabilities and Their Impact

One notable example of a plugin vulnerability in 2023 was found in a popular SEO tool used by millions of WordPress sites. This vulnerability allowed attackers to execute arbitrary code, potentially taking over the site. The issue was quickly patched once discovered, but it highlighted the potential for widespread impact due to the popularity of the affected plugin.

Another significant case involved a theme that included a bundled plugin with a known vulnerability. The plugin allowed for unauthorized file uploads, leading to several instances of malware injections across sites using the theme. This case illustrates the compounded risk when themes bundle plugins, especially if those plugins are not kept up to date.

These examples emphasize the critical nature of maintaining vigilance with plugins and themes—choosing reputable sources, regularly updating, and monitoring for known vulnerabilities. The impact of neglecting these steps can range from minor inconveniences to major security breaches, affecting not just the individual site but potentially compromising user data and eroding trust in the site’s brand.

In summary, while the WordPress core maintains a strong security posture, the ecosystem’s vastness, particularly the plugins and themes, continues to be a fertile ground for vulnerabilities. Enterprises using WordPress must adopt a proactive approach to security, prioritizing updates, and employing best practices to mitigate the risks posed by these indispensable components of the WordPress experience.

Proactive Measures and Best Practices

In the face of a constantly evolving threat landscape, adopting proactive security measures and adhering to best practices is paramount for safeguarding WordPress sites. Enterprises, in particular, must ensure the integrity of their online presence by taking decisive steps to mitigate vulnerabilities and enhance their defense mechanisms. Below, we outline essential strategies that should form the foundation of any WordPress security plan.

The Critical Role of Regular Updates and Patching Vulnerabilities

  • Timely Updates: One of the simplest yet most effective measures to protect WordPress sites is regularly updating the core software, plugins, and themes. Updates often include patches for security vulnerabilities that have been discovered since the last version. Failing to apply these updates promptly leaves sites susceptible to exploits targeting these known vulnerabilities.
  • Vulnerability Patching: In addition to applying updates, actively monitor security advisories for any disclosed vulnerabilities within the WordPress ecosystem. For critical vulnerabilities, consider applying patches or workarounds provided by the developers or security researchers before an official update is available.

The Importance of Choosing Reputable Plugins and Themes

  • Vetted Sources: Opt for plugins and themes from reputable sources, such as the official WordPress repository, which offers a level of vetting and review. When considering premium products, choose established vendors with a track record of regular updates and positive user feedback.
  • Security Reviews: Before installation, conduct a basic security review of plugins and themes. Look for regular updates, compatibility with the latest version of WordPress, and active support from the developers. Additionally, utilize tools and services that scan for known vulnerabilities within these components.

Implementing Strong Access Control and Authentication Methods

  • Principle of Least Privilege: Ensure that WordPress user accounts have only the permissions necessary to perform their tasks. Limit the number of administrator-level accounts and regularly review user roles to reduce the risk of unauthorized access.
  • Strong Password Policies: Enforce strong password policies for all user accounts, utilizing a combination of letters, numbers, and special characters. Encourage users to avoid reusing passwords across different sites and services.
  • Multi-Factor Authentication (MFA): Implementing MFA adds an additional layer of security beyond just the username and password. Even if login credentials are compromised, MFA requires a second form of verification, such as a code from a smartphone app or a hardware token, significantly reducing the risk of unauthorized access.

Additional Security Practices

  • Security Plugins: Utilize comprehensive security plugins that offer features such as firewall protection, malware scanning, and intrusion detection. These plugins can significantly enhance your site’s resilience against attacks.
  • Regular Backups: Maintain regular backups of your WordPress site, including the database and all files. Backups are crucial for restoring your site in the event of a security breach or other catastrophic failure.
  • Security Awareness Training: Educate your team and users about the importance of security practices, such as recognizing phishing attempts and safeguarding personal and sensitive information. An informed and vigilant user base is a critical component of your site’s overall security posture.

By integrating these proactive measures and best practices into your WordPress management strategy, you can significantly enhance the security of your enterprise’s online presence. Remember, security is an ongoing process that requires attention and adaptation to effectively counter new threats as they emerge.

Advanced Security Strategies for Enterprises

For enterprises leveraging WordPress as a cornerstone of their digital presence, adopting advanced security strategies is crucial to safeguard against sophisticated cyber threats. Beyond basic best practices, these strategies involve a combination of cutting-edge technology, expert insight, and a proactive approach to security management.

The Need for Comprehensive Security Solutions

  • Web Application Firewalls (WAF): A robust Web Application Firewall serves as a critical line of defense against common web-based attacks, including SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF), among others. By filtering and monitoring HTTP traffic between a web application and the Internet, a WAF can prevent unauthorized access and data breaches.
  • Malware Scanning Tools: Implementing malware scanning tools enables enterprises to detect and remove malicious software that might have infiltrated their WordPress site. Regular scanning for malware helps in identifying vulnerabilities that could be exploited by attackers and ensures that the site remains clean and secure.

The Benefits of Engaging in Vulnerability Bounty Programs or Partnering with Security Experts

  • Vulnerability Bounty Programs: Participating in or hosting vulnerability bounty programs encourages security researchers to responsibly disclose vulnerabilities in your web applications, including WordPress. These programs can uncover potential security issues before they’re exploited by malicious parties, thereby enhancing the site’s security posture.
  • Partnering with Security Experts: Collaborating with cybersecurity experts or hiring dedicated security professionals provides access to specialized knowledge and skills essential for securing complex WordPress installations. Security partners can offer ongoing monitoring, threat intelligence, and rapid response to security incidents, ensuring that enterprise WordPress sites remain resilient against attacks.

Strategies for Securing the Hosting Environment

  • Secure Hosting Selection: Choose a hosting provider known for its strong security measures and positive reputation. Look for features like continuous monitoring, attack mitigation, and support for secure protocols.
  • Safeguarding Against Sophisticated Attacks: Protect your site against sophisticated attacks targeting web host management systems by:
    • Keeping all server software and scripts up to date.
    • Using strong, unique passwords for server and database access.
    • Implementing network segmentation to limit the spread of any intrusion.
    • Regularly reviewing and minimizing the number of plugins and themes to reduce potential attack vectors.
  • Secure Configuration: Ensure that your hosting environment is configured securely. This includes disabling unnecessary services, applying the principle of least privilege for server processes, and using secure, encrypted connections for data transmission.
  • Regular Security Audits: Conduct regular security audits of your hosting environment to identify and remediate potential vulnerabilities. This should include assessments of web servers, database servers, and application software.

By adopting these advanced security strategies, enterprises can significantly enhance the protection of their WordPress sites against the increasingly sophisticated and varied landscape of cyber threats. Security is an ongoing journey, requiring constant vigilance, adaptation, and investment in the latest technologies and expertise to stay one step ahead of potential attackers.


For enterprise decision-makers, the security of your WordPress site is not just a technical issue—it’s a fundamental aspect of your business’s online presence and reputation. As we’ve explored throughout this guide, the landscape of cyber threats is both broad and deep, with vulnerabilities ranging from the core WordPress software to the plugins and themes that extend its functionality. The impact of a security breach can be devastating, affecting not just your data but also your relationships with customers and your brand’s integrity.

The importance of WordPress security cannot be overstated. It requires a proactive and comprehensive approach, combining regular updates, vigilant monitoring, and the adoption of advanced security measures. However, security is not a set-and-forget task; it is an ongoing process that demands continuous engagement and adaptation to new threats.

We strongly encourage all enterprise decision-makers to take a proactive stance on security practices. Begin by assessing your current WordPress site’s security posture. Identify any areas of weakness, from outdated plugins to insufficient access controls, and take immediate steps to address these vulnerabilities. Regularly review and update your security practices to keep pace with the evolving threat landscape.

Moreover, consider the value of professional security services and consultations. The complexity of WordPress security, coupled with the potential consequences of a breach, makes expert guidance and support an invaluable asset. Security professionals can provide comprehensive audits, tailored advice, and ongoing monitoring services to ensure your site remains secure against current and future threats.

In closing, let this guide serve as a call to action for enhancing the security of your WordPress sites. By embracing a culture of security within your organization and seeking out the expertise needed to safeguard your digital assets, you can protect your enterprise from the myriad of cyber threats it faces. Remember, in the realm of cybersecurity, complacency is the enemy of safety. Take action today to ensure your WordPress site remains a secure and trusted platform for your users and customers.

Additional Resources

To further enhance your understanding and implementation of WordPress security measures, we’ve compiled a list of additional resources. These resources include guidelines on best practices, recommendations for security plugins and tools, and options for professional consultations. As well as the links below, these resources are readily available with a simple search or by visiting reputable WordPress security websites.

WordPress Security Best Practices

  • WordPress Codex on Security: The official WordPress Codex offers comprehensive guides and articles on securing your WordPress site, covering everything from basic steps to advanced security measures.
  • Hardening WordPress: An essential guide provided by WordPress.org that outlines strategies to fortify your WordPress installation against common security vulnerabilities.
  • Security Blogs and Websites: Websites like Wordfence, Sucuri, and here at Silicon Dales, we frequently publish articles, guides, and updates on WordPress security best practices and emerging threats.

Recommended Security Plugins and Tools

  • Wordfence Security: Offers a firewall, malware scan, and live traffic monitoring features to protect WordPress websites from various threats.
  • Sucuri Security: Provides website security features such as malware scanning, security activity auditing, and blacklist monitoring.

Professional WordPress Security Consultations

  • Professional Security Services: For personalized security solutions, consider reaching out to companies specializing in WordPress security, such as Sucuri, Wordfence, and WP White Security. These organizations offer professional consultations, security audits, and ongoing monitoring services.
  • Freelance Security Experts: Platforms like Codeable and Toptal host profiles for freelance cybersecurity experts with experience in WordPress. These professionals can provide tailored security audits, recommendations, and solutions based on your specific needs.
  • WordPress Security Forums: Engage with the WordPress community through forums and discussion boards like the official WordPres Slack. Experienced WordPress developers and security experts often share advice and offer support for security-related queries.

By leveraging these resources, you can significantly improve the security of your WordPress site. Remember, the landscape of cybersecurity is continually evolving, so staying informed and proactive is key to protecting your digital assets effectively.

Lastly, if you work for a large Enterprise which is considering WordPress, or would like unbiased advice on adopting policies which suit larger organizations using the world’s most popular CMS, please contact us for a consultation on your needs and requirements.

Leave a comment

No links of any kind allowed in comments - if you add any links, your comment will automatically be deleted.