Home

Unchained

Product Blog

Chainguard secures the web: New Laravel and WordPress images

Jordi Mon Companys, Senior Product Marketing Manager

July 15, 2024

As of 2024, WordPress powers approximately 43.2% of all websites on the internet, which translates to 63.3% of the content management system (CMS) market. This astonishing figure gives a sense of how much the world wide web’s security depends on WordPress being safe.

‍

Laravel, on the other hand, is a PHP framework used for web application development rather than a CMS. Laravel is highly regarded among developers for its elegant syntax, robust features, and the efficiency it brings to building web applications.

‍

It already has 86,124 stars in GitHub which is an astounding figure. And some analysts see Laravel growing exponentially from their large and helpful community, with lively conferences and a new version on the horizon. Developers are increasingly frustrated with the instability and rapid change in other PHP frameworks, making Laravel's stability more attractive.

‍

We are excited to announce that we have built WordPress and Laravel container images that are considerably more secure than any other alternative currently available. It pleases us to say that we have contributed to make a considerable chunk of the world wide web a lot safer today. Read on to learn all the details.

Bar graph of popularity of web frameworks and technologies among Stack Overflow users in 2023.

Are developers building WordPress sites using a safe source?

‍

WordPress takes security very seriously and their security team has implemented a comprehensive range of measures to protect its users and their data throughout the years. This includes a dedicated Security Team, responsible disclosure process, regular updates and patches, and automated background updates.

Additionally, WordPress offers secure APIs for developers, input sanitization functions, authentication and session management, XSS protection, access control, CSRF protection, component monitoring, XML processing, SSRF protection, and theme and plugin security guidelines. The WordPress team continuously evaluates and updates these security measures to ensure the best possible protection for its users.

However, many developers are using a container image in order to build their WordPress sites. The official WordPress image is widely used among developers who leverage containerization in their workflows. It simplifies setup, ensures consistency across environments, and eases WordPress installation management. The image is regularly updated with the latest WordPress releases, security patches, and PHP versions.

From Stack Overflow’s 2023 Insight report, WordPress is the most widely used CMS and development platform among its 80k respondents. Laravel is high up there, too.

‍

	WORDPRESS OFFICIAL IMAGE	BITNAMI WORDPRESS IMAGE	CHAINGUARD WORDPRESS IMAGE
Size	682MB	721MB	269MB
Last built	10 days ago	17 hours ago	2 days ago
CVEs	425	236	6
Critical / High CVEs	5 / 39	5 / 22	0 / 1

*resources: WordPress official image, bitnami WordPress image, Chainguard WordPress Image

Image of vulnerability scan of Wordpress official image, showing several CVEs.

‍

Image of vulnerability scan of bitnami's Wordpress image, showing less (but still several critical and other) CVEs.

$Image of vulnerability scan of Chainguard's Wordpress Image with 0 critical CVEs at a fraction of the size.$

Are Laravel and WordPress vulnerable?

Laravel

Using official container images for frameworks and content management systems like Laravel, and WordPress can introduce certain vulnerabilities and a potential blast radius that can be significant if not managed properly. Here's a detailed breakdown:

	Laravelfans image	bitnami laravel image	Chainguard Laravel Image
Size	637MB	807MB	62.8MB
Last built	33 hours ago	2 weeks ago	4 hours ago
CVEs	309	245	1
Critical / High CVEs	3 / 34	6 / 26	0 / 0

*resources: Laravelfans image, bitnami Laravel image, Chainguard Laravel Image

Image of vulnerability scan of Laravel official image, showing several CVEs.

Image of vulnerability scan of bitnami's Laravel image, showing less (but still several high severity) CVEs.

What are Chainguard’s Laravel and WordPress Images?

Chainguard Images are minimal, hardened images that are based on the Chainguard platform. They are designed to make it easy for developers to build secure applications without having to worry about the underlying security of their software supply chain.

There are several benefits to using Chainguard Images, including:

Security:

Chainguard Images are built using the latest security best practices and are constantly updated to address new vulnerabilities.

Compliance:

Chainguard Images can help organizations comply with security regulations, such as PCI DSS and HIPAA.

Ease of use:

Chainguard Images are easy to use and can be deployed with a few simple commands.

The new Laravel and WordPress images

Chainguard’s Laravel and WordPress Images offer a robust solution to address the security vulnerabilities associated with outdated WordPress software and obsolete PHP versions. How? Let me explain:

1. Daily builds from source:

Chainguard Images are designed to be built from source code daily. This approach ensures that the WordPress installation always includes the latest security patches and updates. By rebuilding the entire image daily, Chainguard can incorporate the most recent fixes and improvements as soon as they are available.

2. Granular package management:

Chainguard's approach of dividing the WordPress source code into small packages and subpackages allows for more precise version control. This granularity enables Chainguard to update specific components without affecting the entire system, reducing the risk of introducing compatibility issues while still addressing vulnerabilities.

3. Targeted version bumping:

When vulnerabilities are discovered in specific packages or subpackages, Chainguard can quickly bump the versions of these affected components. This targeted approach ensures that security fixes are applied promptly without waiting for a full WordPress release cycle.

4. Continuous vulnerability scanning:

As part of the daily build process, Chainguard can implement automated vulnerability scanning. This proactive measure helps identify potential security issues before they can be exploited.

5. Integration with trusted sources:

Chainguard's system can poll the National Vulnerability Database (NVD) and other trusted sources for the latest disclosed vulnerabilities. This integration ensures that Chainguard’s WordPress Image is always built with the most up-to-date security information available.

6. Behavioral analysis:

By rebuilding the image daily, Chainguard can also implement checks for abhorrent behavior in the codebase or its dependencies. This can help catch malicious code insertions or unexpected changes in functionality that might indicate a security breach.

7. PHP version management:

The daily build process allows Chainguard to easily manage and update the PHP version used by WordPress, ensuring that the latest secure version of PHP is always used.

8. Minimized attack surface:

By rebuilding from source daily and including only necessary components, Chainguard Images can maintain a minimal attack surface, reducing the potential entry points for attackers.

Chainguard Images are a valuable tool for developers who want to secure their applications. They provide a secure and up-to-date software supply chain, making it easy for developers to build secure applications. Get started today by visiting our Chainguard Images site.

Ready to Lock Down Your Supply Chain?

Talk to our customer obsessed, community-driven team.

Get Started

Our Product

Chainguard Images

Images Directory

By Use Case

Container Image Security

Vulnerability Remediation

Compliance & Risk Mitigation

Software Supply Chain Security

AI/ML Security

Resource Hub

Unchained Blog

Chainguard Labs

Events

Trust Center

Education

Documentation

Courses

Featured Event