Like many web designers, we use the WordPress Content Management System to build most of our web sites. In fact, 23% of the web sites on the Internet are using WordPress. Why? Well, there’s a lot of upside to using WordPress.
- It’s fast, so we can turn around web sites quickly for our clients.
- It’s flexible, so we can easily extend and customise it to meet our clients’ requirements.
- It’s also open-source, which means it’s free for us to use so we can keep the cost down.
But one of the key pluses to using WordPress is that it’s continually being updated and maintained by a community of developers across the world. It also sees a major release on average 4 times per year, as well as several minor updates and security fixes in between. Needless to say, WordPress is very well supported.
Of course, there’s always someone who wants to ruin the party, and due to its popularity and the availability of its source code, WordPress web sites can also be a target for hackers. To combat this, we implement a security checklist for each site launch to ensure we’ve done everything (reasonably) possible to minimise the chances of a hack.
However, from time to time security flaws in the WordPress Core and WordPress Plugins occur and can leave your site vulnerable to hacks. Often hackers just crash your site, leaving their calling sign, like a teenager scratching their name into the back of a bus seat. This isn’t to be taken lightly though. If a hacker has gained access to deface your web site, they most likely have access to your usernames and passwords, customer databases or any other sensitive information you may have on your web site.
So, what should you do as a web site owner to keep your site secure? Prevention is the best solution. We recommend that you:
- Back up your site
- Keep the WordPress Core up to date
- Keep all 3rd Party WordPress Plugins up to date
- Test and troubleshoot your site after updating
- Run regular security scans for malicious code
- Implement the relevant “Hardening WordPress” recommendations from WordPress
- Implement additional security measures to protect against common attacks (for example, Wordfence or Security Ninja)
- Keep strong passwords and update them regularly
- Try not to make it obvious that you’re using WordPress
- Back up your site and store the backups offline
Being prepared and ensuring your site is as secure as it can be is half the battle, and while a web site is never 100% safe from threats, taking the appropriate security measures along with regular backups is a very, very powerful defence.