WordPress security: Is it safe?
At Vireo Productions, we specialize in WordPress, an open-source publishing software and content management system (CMS). It's what we use to build our websites, and if you're one of our clients, it's what you'll use to update the content on your website.
But some of our clients have concerns about WordPress: They've heard it gets hacked often, or that it's not secure. So why would we choose to specialize in such an unsafe platform?
WordPress has become the top CMS in the world, found on almost 40% of all websites online -- that's hundreds of millions of websites. Yes, this means hackers are more likely to target this platform; because it's so widely used and the code is open-source, hackers try to find exploits.
Its popularity is also its saving grace. What doesn't kill you makes you stronger: Because it's so widely used and the code is open-source, all developers can report holes and improve security.
We chose to specialize in WordPress specifically because of its popularity. There is a lot of online support available for both our clients as users, and for us as developers. Plus, if you happen to part ways with Vireo Productions sometime in the future, almost any other development company you reach out to will be familiar with the platform.
Besides, "security through obscurity" (e.g. using a Mac because it's less popular than Windows, and therefore less likely to get hacked) is a poor strategy; if someone wants to hack your site, they will find a way, no matter what system you're using.
Many security breaches happen through websites that aren't regularly updated. Those update warnings you get are meant to ensure the code is up to snuff. Hackers find exploits, then others fix the holes, and then you're prompted to update to the latest version. If you don't update, that exploit will remain.
More often than not, hackers will find their way into your website through plugins -- modules of code that offer short cuts to certain functionalities, like a contact form, for example."
Because anyone can write tools for WordPress, it’s possible that not all extensions live up to the same code review standards as the WordPress core," explains Justin Handley in The Layout. "It’s possible for a very popular plugin to have security flaws that can impact thousands of WordPress sites all at once."
We always set the websites we've built to update automatically, and we're very careful about the plugins we use, and of keeping those plugins up to date.
The number one reason we chose to work with WordPress is that its CMS is user-friendly. We want all of our clients to have the option to manage their own content on their sites. Not only are many of our clients already familiar with WordPress, it's also straightforward to use and learn.
In addition, WordPress makes it easy to update your website’s design down the road: If you choose to continue to use WordPress for your next website redesign, the platform will allow you to keep all of your current content and migrate it to a new theme.
Security is always a concern, but using WordPress is not. This publishing software and content management system has served us and our clients well, and we expect it will continue to do so for a very long time.