WordPress and Online Security

I’d like to start off by saying how impressed I am with WordPress as a great and easy to use Content Management System (CMS). There are so many free or cheap themes for WordPress available that with only a little effort your site can look quite different to the standard version of WordPress. If you struggle to get your new template into the system then it is more likely to be a problem with the template, it really is that straightforward to add a template.

The real issue with WordPress is that it is now SO popular that it is a very popular (and lucrative) target for hackers, and whilst WordPress itself gets plenty of updates to fix security issues as they appear, there is no guarantee that the plugins you use are. They are frequently well behind the curve on security updates, leaving users at a distinct disadvantage and wide open to abuse.

WordPress has become a victim of its own success, much like Microsoft Windows vs Apple’s operating system. Windows got attacked continually giving us update after update to plug the vulnerabilities, whilst for many years Apple’s OS went under the hacker’s radar. Unfortunately Apple is now attacked more often than Windows, as its popularity grows, the more it is focussed on, in much the same way as WordPress is.

At Kehorne we have developed our own CMS and because we don’t have to use 3rd party plugins the whole system is intrinsically safer. Who would try and hack our system – even a bored teenager would spend far too much time when for the same effort they can potentially hack into thousands of WordPress sites. WordPress just gives them a lot more bangs for their buck.

So what do you do if you have a WordPress system and are worried about whether it is secure or not?

There are a whole list of things that will improve your site’s security and I have tried to list a few of the top recommendations that are easy to do:-

  • Don’t use “admin” as your username – obvious perhaps but surprisingly common
  • Passwords – use a mix of numbers and letters or two unconnected words and a number, no date of births, no pet names – if you know a foreign word throw it in the mix
  • Stay up to date – WordPress will tell you that there are updates that are available, it does not stop the site from working, or reboot the server, this has become more important than ever, and is such a simple solution

Beyond this there are many more things that can be done but they become increasingly more technical and implementation can be more difficult, especially for those not so blessed with a working knowledge of the way WordPress works.

Kehorne are more than happy to discuss your individual requirements or problems that you may be having. Feel free to call us for help or advice.