WordPress is one of the major players in the CMS (content management system) game, right up there with Joomla and Drupal, except with a market share of about 10 to 1 when compared to both of them. WordPress runs about 60% of the world’s websites that run on a CMS platform, and the next platform behind it, Joomla, is only sitting at around 7%. This puts us as WordPress users and developers in the same kind of market-share position as Microsoft when compared to Linux and Apple’s OS X. It means that the likelihood of someone finding an exploit, or a way to gain unauthorized access to a website, is increased dramatically because of the sheer volume of people using it and trying to find vulnerabilities in it.
WordPress adopted the same type of strategy as Microsoft – regularly scheduled updates and patches, and from around 2009 onwards they have locked up the WordPress core and made it one of the most secure CMS platforms out there. However, since you’re never just running on the core – you always have some kind of additional functionality installed in the form of plugins – you need to take extra measures to make sure that you don’t run into any issues.
The Keys to WordPress Security
There are some key things you need to do to make sure you are as secure as possible:
- Update plugins and themes
- Delete unused plugins and files
- Create secure passwords
- Manage administrator access
- Always have regular backups
If you take the above steps, the likelihood of your site being hacked is reduced to an absolute minimum. Updating WordPress isn’t hard, but new updates every few weeks can quickly become a pain. Each new security update means testing the update against plugins and themes before pushing it live. For us as web developers, it means time-consuming work if a major update breaks anything in another plugin or even the theme the site is running on.
The next update that comes around means doing that all over again. But software is only as secure as the latest version, so you have to update every time a version is released. SiteProtect can handle all of this for you.
Anecdotal and empirical evidence demonstrates that the WordPress core is secure and the WordPress team is unparalleled in its reaction to emerging exploits, which means that the weak link in preventative security is usually the end user. If you want your WordPress site to be safe and secure then you need to make sure you are taking the time each week to follow the above steps, or have someone like SiteProtect do it for you.
Will I Still Have to Worry?
There is no such thing as a 100% secure website, or a 100% secure Content Management System. All we can do is work with the most secure version of the latest software, take precautions, and do our due diligence ahead of time to mitigate any potential future problems.
WordPress can be as secure as any other CMS platform out there, but it’s ultimately up to you to determine your site’s own security by ensuring that either you are keeping it safe or you are having the best person for the job do it for you. You are the key to effective security, more than anything else.
Is WordPress secure? Yes. Are you keeping your website secure? Only you can answer that question.