Over the past few years you have most likely heard of various websites being hacked. From major Fortune 500 Companies to Small Business and Blogging sites, it seems like no one is safe from getting hacked.
One platform in particular has been targeted by those who would like to spread fear by sensationlizing the situation and by others who might not be fully informed on the reality of security on the internet. The platform that has been targeted is WordPress.
So lets look at the issue of vulnerabilities on WordPress. Is it secure? Is it easily hacked? What are the facts? Before we talk about security, heres a quick overview of the platform.
WordPress is by far the most widely used Open Source Content Management System World Wide with over 23% of websites using it to power their sites and major companies who utilize it to power their business’s. Below is a short list of some major companies that use WordPress.
- NY Times
- Washington Post
- Fed Ex
- Best Buy
- many others
If WordPress is Powerful and Secure enough for the companies above then I’m confident it’s a great option for the overwhelmingly vast majority of people looking to own their corner of the web.
The WordPress Core
WordPress is free to use by everyone. The source code is easy to download from the WordPress.org Repository and most hosting companies have a 1 Click Install option for the CMS. The core of WordPress is updated on a continuous basis and has some outstanding programmers who dedicate their time to keeping it secure and easy to use. All you need is a Domain Name and Hosting Plan.
WordPress Themes are the front end of your website. They provide the look and feel of your site. Here is part of the definition you can find on the WordPress Codex on Themes.”Fundamentally, the WordPress Theme system is a way to “skin” your weblog. Yet, it is more than just a “skin.” Skinning your site implies that only the design is changed. WordPress Themes can provide much more control over the look and presentation of the material on your website.” Read More from the Codex
WordPress plugins are additional programming files that can be uploaded to expand the functionality of your WordPress site. If you need a Slider, Contact Form, SEO and other kinds of functionality, plugins help you expand your site.
Now that we have the basics covered, lets talk security. The WordPress Core is a very secure system. What makes it secure is it is constantly evolving. When an issue is discovered, you can rest assured that a security patch / update is being worked on.
What we sometimes forget is that WordPress is like every other application. While there might be an update available, doesn’t mean the website owner is doing the necessary updates to plug the holes. Also it is important to do some basics on securing your website.
- A Secure Hosting Company – Your hosting company makes a difference. Note: Make sure your username and password are strong and unique.
- A Secure Theme – WordPress empowers developers to roll up their sleeves and make something new. Just make sure its a secure theme from a trusted source.
- Secure Plugins – The same that was mentioned above about themes also applies for Plugins.
- Security Plugins – There are a bunch of solid plugins that help to secure your site. They act as firewalls, anti virus programs, malware scanners and gatekeepers for your site.
- Update Everything – Keep everything up to date. From your server to all aspects of your website, Core, Themes and Plugins.
- Passwords – Change your passwords often. Ideally every 2 – 3 months. Use a password manager.
What gets updated?
The WordPress Core, Themes and Plugins all require updates from time to time. If a vulnerabilty is discovered and the developer who created the theme or plugin issues a security update, then make sure you update your site asap. It is unfortunate when someone disregards their website for months on end only to discover it needs 20 updates and there are security issues.
Why so many updates?
Let’s take a momment and realize that companies as large as Sony, Target, Home Depot, Facebook, Twitter and others have all been hacked over the past 2 years. Now these are large companies with billions in revenue and Armies of Developers programming their sites. But Websites, Apps and Programs are created by men and women and anything thats been created can be reverse engineered to find vulnerabilites. So the updates are there to protect you. Imagine using a Program that hasn’t been updated in years.
WordPress is trusted and used by many and most likely the platform that can meet your needs. Just remember that your website is an extension of you and your brand so it requires some effort on your part. While there are a lot of options when choosing how to create your website, few offer the ability to truely own your website. The question is do you want to rent or own your site? Either way, you should take measures to secure your site.
So yes, WordPress is Secure and Safe to use. Just make sure you lock it down just like you would your car and home.