We hear this all the time. Someone doesn’t want a WordPress site, because they are worried about security. At the base of any WordPress site is the core. The core WordPress install is incredibly secure. This platform supports almost 20% of all the internet websites. Your WordPress site updates every 2 to 3 weeks. Most of these are security patches. The community tries to stay ahead of all these maliscious scripts running wild on the internet. What we are seeing are a lot of sites that aren’t updating, or the themes and plugins aren’t being updated. These are leaving vulnerabilities that these auto scripts can use to take down your website.
Most hacks aren’t some guy wearing a hoodie in a coffee shop trying to hack his way into your gardening blog. There are automated scripts running hacking attempts on multiple websites at time. For example here is a view at our sites log. In one day we are hit with close to 100 rogue scripts.
Any website on the internet is going to be hit with these scripts the day they go live. A WordPress site that isn’t updated will fall behind, and become vulnerable. Somehow all this updating has given the reputation that WordPress isn’t secure.
Large websites like the New York Times, Best Buy, and MTV are using WordPress. There are millions of sites out there running without problems. A well maintained site no matter the platform should be your focus. WordPress has 60 some million sites out there and is still growing. No other website technology comes close to being this widely adopted. Not even Ruby on Rails.
Themes and Plugins will remain an issue for security. When adding a theme for your site, make sure its by an author who has been around awhile and that updates their theme regularly. This is the same for plugins. These scripts can add some great functionality to your site, but if the code doesn’t stay updated it opens your site up for dangerous exploits.
We have been offering WordPress maintenance programs for 2 years now. With how frequent WordPress needs to update, it’s becoming more and more important to have an experienced web person running these. Between the WordPress Core, the Theme, and Plugins there is a higher chance for a conflict. Hopefully, you had a skilled web company (hint hint) build your WordPress website in the first place.