To WordPress or not to WordPress?

Wordpress Security

To WordPress or not to WordPress?

Recently I was chatting to a client with regards to a new website. During our conversation, I gathered that the client was hesitant of using WordPress due to WordPress security issues.
We sent the below short point list to show that WordPress can indeed be secure.

WordPress is used by 27.7% of all websites on Internet.

WordPress is much like any other popular piece of software that can be a target for hackers to go after.  With nearly 27% of the web running on WordPress, hackers are always looking for a way to get in.
WordPress security is a topic of huge importance for every website owner. Each week, Google blacklists around 20,000 websites for malware and around 50,000 for phishing. If you are serious about your website, then you need to pay attention to the WordPress security best practices.

With thousands of developers backing it, any security holes that are discovered in WordPress are fixed almost immediately.

Further there are security hardening techniques to minimise these threats.

  • Keeping WordPress Updated
  • Use WordPress Security Plugin
  • Enable Web Application Firewall (WAF)
  • Change the Default “admin” username
  • Disable File Editing
  • Disable PHP File Execution
  • Limit Login Attempts
  • Disable Directory Indexing and Browsing
  • Add Security Questions to WordPress Login
  • Use Strong Passwords
  • Only use reputable WordPress Hosting.
  • Install a WordPress Backup Solution

Advantages of using WordPress;

  • Extendable by Using Themes and Plugins
  • Easy Search Engine Optimisation capabilities.
  • Search Engine Friendly
  • WordPress is Easy to Use, an admin/marketing staff member can easily update the blog content.
  • Can Handle Different Media Types easily, pictures, video and audio.
  • Maintained by a large group of volunteers majority of whom are WordPress consultants with an active interest in growing and maintaining WordPress.
  • Compared to custom coded website, organisation is not dependent on the developer.

Further Reading;
Hardening WordPress
WordPress Security: The Ultimate Guide