Is WordPress Still Secure?

November 16, 2015

With over 25% of the world’s websites now running on WordPress, it’s easy to say that it is by far the most popular content management system found online. Being free and open source makes it an effective solution for most webmasters.

However, this sort of popularity also brings in a whole new wave of hacking and scummy individuals trying to ruin your day.

So this begs the question: Is WordPress still secure?

Yes… and indirectly no.

Common Mistakes:

With all of the websites we have launched, we have yet to be hacked due to a WordPress vulnerability. The real issue is that there are so many moving parts around the CMS that many users don’t keep everything else up to date.

Just think about all the pieces you have to keep track of:

  • Hosting security
  • FTP security
  • WordPress login security
  • File permissions
  • Plugins

It is a list that is commonly overlooked post-launch, and that is where the real issue is found.

9/10 It’ll Be an Outdated Plugin:

Common plugins are also prone to hacking because users don’t tend to update them. The simple solution is to keep every single plugin up to date, and for the most part you will avoid known vulnerabilities.

Remove the Clutter:

After you have updated plugins, go through your list and remove any unneeded plugin or widget. You want to keep WordPress as lean and bulletproof as possible! Not only do plugins reduce website performance, but every plugin you add can indirectly give hackers another hidden back door or vulnerability.

My rule: Stick to the necessary, and only if it’s up to date. Don’t add features you don’t very specifically need.
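The update-then-prune routine above can be scripted. The following is an added example, not part of the original post: it assumes WP-CLI is installed and that the output of `wp plugin list --format=json` is fed to it. The sample JSON and plugin names are constructed, and `triage_plugins` and `format_report` are hypothetical helper names.

```python
import json

# Constructed sample of `wp plugin list --format=json` output (plugin names are made up).
SAMPLE_WP_PLUGIN_LIST = """[
  {"name": "contact-form-example",  "status": "active",   "update": "available", "version": "4.1"},
  {"name": "old-slider-example",    "status": "inactive", "update": "available", "version": "1.0.2"},
  {"name": "seo-example",           "status": "active",   "update": "none",      "version": "3.7"},
  {"name": "unused-widget-example", "status": "inactive", "update": "none",      "version": "2.0"}
]"""


def triage_plugins(plugin_list_json):
    """Sort plugins into the two clean-up steps from the post.

    Returns a dict with:
      "update": active plugins with an update pending
      "remove": inactive plugins (candidates for deletion, not just deactivation)
      "ok":     active plugins with no update pending
    """
    report = {"update": [], "remove": [], "ok": []}
    for plugin in json.loads(plugin_list_json):
        name = plugin["name"]
        status = plugin.get("status", "")
        # Must-use plugins and drop-ins are managed outside the normal plugin list; skip them.
        if status in ("must-use", "dropin"):
            continue
        if status == "inactive":
            # Deactivated plugins still leave their files on the server, so list them for removal.
            report["remove"].append(name)
        elif plugin.get("update") == "available":
            report["update"].append(name)
        else:
            report["ok"].append(name)
    return report


def format_report(report):
    """Render the triage result as three human-readable lines."""
    labels = (("update", "Update now"), ("remove", "Remove if not needed"), ("ok", "Up to date"))
    return "\n".join(
        f"{label}: {', '.join(sorted(report[key])) or '(none)'}" for key, label in labels
    )


if __name__ == "__main__":
    print(format_report(triage_plugins(SAMPLE_WP_PLUGIN_LIST)))
```
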


Think about this… when was the last time you updated your passwords? Hosting, FTP, WordPress, etc.

Are they secure random character strings, or are they 1234dogsname? Are they the same as your email login? We use our email and the same password to access our WordPress website.

Simple fix: update to unique, random-string passwords. Use 1Password if you don’t already!

Hosting Security:

You get what you pay for. Simple as that. If you are paying a premium at WP Engine or WP Cloud, you get additional security set up for you automatically that you never have to worry about! It’s awesome!

However, if you’re on a typical shared hosting platform such as BlueHost or the many others out there, they don’t care if your website gets hacked or not! In fact, they just build upon the stress! If your website gets hacked, they will stop your account, which also means your email will be stopped!

Talk about a serious inconvenience! Meanwhile, if you spent more on WP Engine or another premium host… you will still be writing articles and managing your site instead of dealing with a hacked mess.

Now, that’s all fun and dandy, but sometimes it’s just not financially feasible to host your website with a premium provider. Don’t get too worried: there are additional security measures you can add to your own website that are similar to what your web host will do… however, you’ll have to wait for Part 2, where we go step-by-step through basic security measures.


