WordPress is a state-of-the-art semantic personal publishing platform with a focus on aesthetics, web standards, and usability. Unfortunately it is also missing the vital security functions that protect the application from malicious attacks. A default install of WordPress is not as secure as Web Application Security Professionals would like, hence the need for extra layers of defence to ensure that the application remains secure at all times.
Download: wordpress-modsecurity-paper.pdf