How secure is WordPress?

Author - 93digital

Posted By 93digital

Date posted 19th Jun 2018

Category Blog, WordPress


As a platform which can be used by the novice blogger and enterprise business alike, WordPress occasionally cops some scrutiny based on the error of poorly informed WordPress users who are making unfortunate decisions. This sea of chatter online, leads some to ask the question: is WordPress secure?

The simple answer is yes. The long answer is, yes but you have to take measures to maintain your security – like you do with every Content Management System. The WordPress core team is highly efficient and effective at identifying risks and updating to the most secure software. It is then users responsibility to follow the instructions of WordPress security recommendations in order to stay secure.

The exploitation of “known vulnerabilities” drives most security exploits – almost 80 percent – on WordPress”. This occurs when users aren’t updating their WordPress version and attackers seek to go after a vulnerability in outdated software. This includes themes and plugins but is more of a common issue with plugins that stop being supported by their author.

In all cases, WordPress will have notified users to upgrade and made them aware that the software was outdated. In the case of website security from WordPress’ perspective, they can lead the user to security, but they cannot make them upgrade. Meaning the majority of exploits that occur could have been avoided with a simple update by the user.

In summary, here are a few things you can do to keep WordPress safe and secure:

  • Update everything including the WordPress core, plugins and anything else on your server
  • Invest in good quality hosting and infrastructure
  • Keep administrator user roles to a minimum
  • Have strong password policies, and don’t share passwords openly
  • Take regular backups (a good host should be able to help with this)
  • Remove any out of date or unused plugins or code
  • For an extended list and more detail, download our WordPress Security Guide.

How safe is WordPress in comparison to other Content Management Systems?

If you think like a hacker, imagine what kind of platform you would ideally go after. The smaller the CMS, the fewer sites you’re going to be able to exploit. CMSs that grow in popularity become greater targets. This is bad news for WordPress, right? Not exactly. How does WordPress compare in terms of security to Drupal, Sitecore, Adobe and other content management systems?

As a mature CMS, WordPress has a more vast and dedicated security community than other competing CMSs. This security community develops around the application, which causes the frequency and severity of security incidents to drop in comparison to CMS sites which are in the early stages of gaining popularity. From this community, methodologies emerge for reporting and fixing vulnerabilities securely and confidentially so that hackers never have the opportunity to exploit them.

It’s important to remember that a 100 percent secure website does not exist. Same goes for a 100 percent secure Content Management System. What you need to instead look at is which CMS is focusing the greatest amount of work and effort on security, and thus having a stronger community able to fight off attacks with minimal impact to users more quickly.

Ultimately, the issue of security is less to do with what more WordPress has to do and far more about what the end user is doing in their security measures through website maintenance best practice, a good investment in hosting architecture and strong password security. This goes for all Content Management Systems, not just WordPress. Security is the responsibility of the user.

Another measure to keep your WordPress website safe from harm is penetration testing, which you can learn more about here.

Contrary to popular belief, WordPress is not just for bloggers. In fact, WordPress is the world’s largest CMS with over 30 percent of the world’s websites running on the platform. That percentage includes some of the world’s most recognised company websites, including The New Yorker, BBC America, Sony Music, MTV News, The Rolling Stones, and a whole bunch more, which you can browse here for proof.

If you’re looking for a site that is impactful, innovate and pushes boundaries, get in touch with us here at 93digital.

Let's Talk

Do you have a web design and build project coming up that you would like to talk about?