
How secure is WordPress really?


Written by:

Kevin Rombouts

Pretty much safe. End of the blog, right? Well … not quite, because there is more than enough to discuss. We regularly get questions from clients about the security of WordPress, because if everything on the Internet is to be believed, there is plenty to complain about. But is that really the case? I’ll tell you how it is and what you can do to make sure your website stays secure.

As one of the largest online content management systems, WordPress is, understandably, often in the spotlight when it comes to security. Security vulnerabilities do occasionally turn up in the system, just as they do in any other content management system. But because of the large community surrounding the platform, it never takes long for these to be closed.

Where do the problems arise?

When WordPress is in the news with security problems that affect many people, it is rarely because of WordPress itself. The system is so well tested and so widely used that it is often not the problem. When problems do occur, they can often be traced to something else: outdated versions.

When your website is not up-to-date, it can lead to a security vulnerability. Often these are issues that the WordPress community has discovered preemptively and closed with a hotfix or small-scale update. If you don’t install those updates, however, the issue can eventually turn into a larger problem, one that mainly affects websites that don’t keep up with their updates.

On the other hand, we often see vulnerabilities that arise not in the source code of WordPress itself, but in plugins that are added by the user. Plugins from unknown sources are a common problem, but plugins that have not been maintained for a long time and do not evolve along with WordPress can also cause problems.

How do you avoid these problems on your website?

No one wants security problems with their website, so as always, prevention is better than cure. So what can you do to prevent problems from happening in the first place? I’ll give you some steps to follow:

Keep your website up-to-date

I already mentioned this one, of course, but it is good to emphasize it again: log in to your website regularly to check whether everything is still up-to-date. Especially when you see more than ten updates in the admin area of your website, it is a good idea to update things again.

Have you lost track of how many updates are waiting, and have no idea where to start? Feel free to contact us. Who knows, maybe I can help you with your updates.

Ensure regular backups

Whether it’s keeping your website up to date, securing things, or just setting up a good workflow: it never hurts to make regular backups of your website. While most good hosting partners will do this for you by default, we ourselves also follow the rule of making an extra backup whenever we are going to make major changes or updates.

There are plenty of good solutions for backing up your website; we are personally fans of the All-in-One WP Migration plugin. Another popular solution is UpDraft, which also allows automatic backups to other platforms such as Dropbox or Google Drive.

Turn off unnecessary functions

To make big strides in the security of your WordPress website at once, it is always a good idea to disable certain (often unnecessary) features. For example, WordPress offers several public APIs and feeds that are only useful to invoke in select cases. Not needed? Then turn them off.

The easiest way to do this is through the All-in-One Security plugin, currently owned by Team UpDraft (also of the UpDraft backup plugin). This plugin offers several options for boosting the security of your WordPress site, and uses a simple score to indicate how well you’re doing. This is also one of the tools we use when we create a website.
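As an added example (not from the original post and not the code of the plugin mentioned above), this is roughly what turning off such functions looks like as a small must-use plugin. It assumes the functions you do not need are XML-RPC, anonymous access to the REST API, and the RSS/Atom feeds; the file name and the `example_` function name are hypothetical.

```php
<?php
/**
 * Plugin Name: Disable unused public endpoints (added example)
 *
 * Assumed location: wp-content/mu-plugins/disable-unused-endpoints.php
 * Each block is independent. Delete the ones your site needs: some apps
 * and plugins rely on XML-RPC, and some forms or headless front ends
 * need anonymous REST access.
 */

// 1. XML-RPC: switch off the methods that require authentication
//    and remove the pingback methods from the list of callable methods.
add_filter( 'xmlrpc_enabled', '__return_false' );
add_filter( 'xmlrpc_methods', function ( $methods ) {
    unset( $methods['pingback.ping'], $methods['pingback.extensions.getPingbacks'] );
    return $methods;
} );

// 2. REST API: only answer requests from logged-in users.
add_filter( 'rest_authentication_errors', function ( $result ) {
    // Another authentication handler already accepted or rejected the request.
    if ( true === $result || is_wp_error( $result ) ) {
        return $result;
    }
    if ( ! is_user_logged_in() ) {
        return new WP_Error(
            'rest_login_required',
            'The REST API is only available to logged-in users.',
            array( 'status' => 401 )
        );
    }
    return $result;
} );

// 3. Feeds: redirect every feed URL to the home page. Priority 1 runs
//    before the core feed handlers, which are registered at priority 10.
function example_disable_feed() {
    wp_safe_redirect( home_url( '/' ), 301 );
    exit;
}
foreach ( array( 'do_feed_rdf', 'do_feed_rss', 'do_feed_rss2', 'do_feed_atom' ) as $hook ) {
    add_action( $hook, 'example_disable_feed', 1 );
}

// Stop advertising feed and XML-RPC discovery links in the page <head>.
remove_action( 'wp_head', 'feed_links', 2 );
remove_action( 'wp_head', 'feed_links_extra', 3 );
remove_action( 'wp_head', 'rsd_link' );
```

The block editor keeps working with block 2 in place because editors are logged in; test forms and integrations on a staging copy before enabling it on a live site.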

Think carefully about what you install

The final tool in keeping your website secure is common sense: there is no better weapon. Of course, this starts with using a strong password and a username other than standard ones like admin. Also, don’t reuse passwords for multiple accounts and pay attention to the permissions you give to your users.

Also, pay close attention to what you install and place on your website. Watch carefully what plugins you install – especially if they don’t come from trusted sources – and don’t just upload files to your website that you have no deeper knowledge of. WordPress offers a lot of freedom, but that also makes it an easy target for trivial mistakes that could have been avoided.

Stay proactive

So you can do plenty to keep malicious people out: update regularly, make backups and think carefully about what you install. Still having doubts or no idea where to start? Feel free to contact me – I’ll be happy to help you!

How secure is WordPress really?

WordPress is one of the largest content management systems in the world. As a result, it is often in the spotlight, including in terms of security. Sometimes there are security vulnerabilities, but they are quickly fixed thanks to the active community.

What causes WordPress security problems?

The cause is usually not WordPress itself, but outdated versions or plugins from external sources. Especially plugins that are not maintained pose a risk.

How do I prevent security problems with my WordPress website?

Keep your website up-to-date, make regular backups and be critical of what you install. That’s how you avoid most security problems.

What can I do if I am behind on updates?

Can’t see the forest for the trees because you’ve missed many updates? Then feel free to contact us. We will be happy to help you further.

What plugins do you recommend for security and backups?

For backups, we like to use All-in-One WP Migration or UpDraft. For security, we recommend the All-in-One Security plugin, which also shows useful scores.

Why should I be careful with plugins and user rights?

Use only plugins from trusted sources and don’t hand out extended privileges to users without good reason. Use strong passwords and avoid default usernames such as “admin”.

Kevin Rombouts

Front-End Developer
