More than a quarter of websites are now powered by WordPress. And more than ever, you hear people saying that WordPress isn’t a secure platform. They couldn’t be more wrong.
These days, I see countless posts about how WordPress isn’t a secure CMS. While I’m glad to see that people are finally starting to think about security, WordPress isn’t the issue here.
More often than not, security issues with WordPress solutions are due to poor implementation & lack of planning/budget for basic maintenance.
Some things to keep in mind
- WordPress is immensely popular. That means it’s a very interesting target for hackers; but there’s also a huge community to support it and find flaws before they are exploited. That’s the magic of open-source software – but you must keep it up-to-date!
- 3rd-party plugins are a very common attack vector. They should be picked wisely, used sparingly, and kept up-to-date as well.
- Some basic setting changes, along with tweaks to the server configuration can go a long way towards running a secure installation.
If more development firms applied those same basic principles, there would be less concern across the industry!