Is your WordPress website safe?

Over the years working within the online community there is a general misconception that WordPress, as a CMS and eCommerce platform, is not secure enough and should be avoided in favor of other platforms such.

This post should help to ease any apprehensions you may have regarding WordPress and also inform you of why it is in fact one of the more secure CMS platforms currently available on the open source market.

Coding on PC

Hacking and Vulnerabilities

WordPress has become the main target of hackers over the years simply because it has developed into the most popular CMS on the internet, according to business.com, and it would be fair to say that in the early years hackers have been successful in exploiting its weaknesses. An important point to note and something that is often overlooked when critiquing WordPress’ security is that in recent years no significant scares have been caused by vulnerable code within the WordPress core. According to wordpress.org any major security issues have instead been the soul responsibility of third-party scripts included in themes and plugins. When it comes to plugins, vetting them is very crucial. If a plugin isn’t regularly updated then the general consensus should be that vulnerabilities may be found and exploited by hackers, or it will break when WordPress updates, potentially rendering your site offline.

Updates and Patches

WordPress informs us that automatic updates that run in the background were introduced in WordPress 3.7. This was developed to promote better security and to streamline the update process. By default, only minor releases such as maintenance and security patches are part of this background procedure. This means that websites built on WordPress are automatically patched whenever a potential backdoor is found by the core developers. This automatic update also applied to a lot of high profile plugins and themes too.

Username and Password

One of the larger issues surrounding WordPress security is the simple fact that a large amount of site administrators have their username set to “admin”. Brute-force attacks from hackers using scripts that randomly guess passwords gain access to a significant number of websites due to this simple matter. On the subject of passwords; there is also the issue of WEAK password usage. The easier the password is for these brute-force attacks to guess the quicker it is to gain access, so it is advised to use what is referred to as a STRONG password. It is generally suggested that a password should contain approximately ten characters, with letters both capital and lower case as well as numbers and text symbols. Read more about how to make your passwords safe.

If you are concerned about the security of your website, or you want to know more about owning a WordPress website, get in touch with us today!