Is WordPress definitely a secure CMS?

When I studied Digital Marketing at university, sometime in 2015, WordPress was presented as a cool, open-source and easy-to-learn CMS (Content Management System) for a website – but still low in security.

Even so, nowadays WP is the most used CMS in the world – with around 30% of all websites.

Top CMS Usage in the World. Source: BuiltWith (thanks for helping to prove my point)

So… does 30% of the whole web have low security at this moment? Not at all. Some points:

  • WordPress is a free and open-source project – you don’t need to pay for it – and I think free software is associated with insecure solutions (a myth; you’re not in 2002 anymore).
  • There aren’t a lot of plugins and extensions to install in your WordPress website. Not all of these plugins are safe. Before you install any plugin, first check its reviews, its last update date and whether it is available in the WordPress.org plugin repository.
  • Updates are important! The reason for most updates is security. I’m not talking about just plugins, but themes and the WordPress core too.
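
The plugin checks from the list above (listed on WordPress.org, last update date, reviews), written out as an added example that is not part of the original post. The record fields are modelled on the WordPress.org plugin information API; the thresholds, plugin slugs and sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

# Thresholds are assumptions for this example, not WordPress.org rules.
MAX_AGE_DAYS = 365     # flag plugins with no release in the last year
MIN_RATING = 70        # rating is assumed to be on a 0-100 scale
MIN_NUM_RATINGS = 20   # below this, the rating says little


def vet_plugin(info, today):
    """Return a list of warnings for one plugin record (empty list = passes)."""
    # A failed lookup means the plugin is not in the official repository.
    if not info or "error" in info:
        return ["not listed in the WordPress.org plugin repository"]
    warnings = []
    updated = datetime.strptime(
        info["last_updated"], "%Y-%m-%d %I:%M%p GMT"
    ).replace(tzinfo=timezone.utc)
    age_days = (today - updated).days
    if age_days > MAX_AGE_DAYS:
        warnings.append(f"last update was {age_days} days ago")
    if info.get("num_ratings", 0) < MIN_NUM_RATINGS:
        warnings.append("too few reviews to judge")
    elif info.get("rating", 0) < MIN_RATING:
        warnings.append(f"low rating ({info['rating']}/100)")
    return warnings


# Constructed sample records (hypothetical plugin slugs, not real lookups).
SAMPLES = {
    "well-kept-plugin": {"last_updated": "2024-05-20 9:12am GMT",
                         "rating": 94, "num_ratings": 812},
    "abandoned-plugin": {"last_updated": "2021-02-03 4:40pm GMT",
                         "rating": 88, "num_ratings": 140},
    "poorly-rated-plugin": {"last_updated": "2024-04-11 11:05am GMT",
                            "rating": 42, "num_ratings": 60},
    "brand-new-plugin": {"last_updated": "2024-05-28 1:30pm GMT",
                         "rating": 100, "num_ratings": 3},
    "zip-from-a-forum": {"error": "Plugin not found."},
}
TODAY = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed for repeatable output


def vet_all(samples=SAMPLES, today=TODAY):
    return {slug: vet_plugin(info, today) for slug, info in samples.items()}


if __name__ == "__main__":
    for slug, warnings in vet_all().items():
        print(slug, "->", "OK" if not warnings else "; ".join(warnings))
```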

In my projects as a WordPress developer, I have 100% of the responsibility most of the time. So if you are a WP developer too (or you’re working on it), you need to know that everything you do in your WP project can leave a security door open, making the website fragile to attacks. And why? Because, again, it’s an open-source CMS and you will create everything – host provider, MySQL database, DB users, admin user – you have all the powers here, so pay attention at each step.

After all, I think it is sometimes interesting to invest in security plugins. This is not a list of “Top 10 security plugins for your WordPress Website”, but in each case you can decide together with your client whether that investment will be useful. Start by thinking about:

  • How many visits will your website have?
  • In the worst case… do you have a backup system?
  • Does the website directly represent money for your client? €€€
  • What type of data does your website process? Personal or financial data?

Little hint: Wordfence is cool. Sucuri is cool too.
