WordPress and Online Security

I’d like to start off by saying how impressed I am with WordPress as a great and easy-to-use Content Management System (CMS). There are so many free or cheap themes available for WordPress that, with only a little effort, your site can look quite different to the standard version of WordPress. If you struggle to get your new template into the system, the problem is more likely to lie with the template itself; adding a template really is that straightforward.

The real issue with WordPress is that it is now SO popular that it has become a very attractive (and lucrative) target for hackers. Whilst WordPress itself gets plenty of updates to fix security issues as they appear, there is no guarantee that the plugins you use do. They are frequently well behind the curve on security updates, leaving users at a distinct disadvantage and wide open to abuse.

WordPress has become a victim of its own success, much like Microsoft Windows vs Apple’s operating system. Windows got attacked continually, giving us update after update to plug the vulnerabilities, whilst for many years Apple’s OS went under the hacker’s radar. Unfortunately Apple is now attacked more often than Windows; as its popularity grows, the more it is focussed on, in much the same way as WordPress is.

At Kehorne we have developed our own CMS, and because we don’t have to use third-party plugins the whole system is intrinsically safer. Who would try and hack our system? Even a bored teenager would spend far too much time on it when, for the same effort, they can potentially hack into thousands of WordPress sites. WordPress just gives them a lot more bang for their buck.

So what do you do if you have a WordPress system and are worried about whether it is secure or not?

There is a whole list of things that will improve your site’s security, and I have tried to list a few of the top recommendations that are easy to do:

  • Don’t use “admin” as your username – obvious perhaps but surprisingly common
  • Passwords – use a mix of numbers and letters, or two unconnected words and a number; no dates of birth, no pet names – if you know a foreign word, throw it in the mix
  • Stay up to date – WordPress will tell you when updates are available. Updating does not stop the site from working or reboot the server; it has become more important than ever and is such a simple solution

Beyond this there are many more things that can be done, but they become increasingly technical and harder to implement, especially for those not so blessed with a working knowledge of the way WordPress works.

Kehorne are more than happy to discuss your individual requirements or problems that you may be having. Feel free to call us for help or advice.
