For every new WordPress website I am hired to build, I quote addressing WordPress security issues as part of the website development quote. When I start a new project, the first thing I do after installing WordPress is fully secure it. I do this before installing a WordPress theme or installing any plugins.
Is WordPress Secure “Out Of The Box”? – NO.
Because of this, WordPress sometimes gets bad press about not being secure. With just a little bit of effort up front though, WordPress security issues can be easily prevented.
It is staggering how many WordPress sites get hacked on a regular basis. I suppose this is due to ignorance or laziness about taking the proper steps to secure and maintain WordPress.
Can WordPress be secured so it is less likely to get hacked? – YES.
I say less likely because I simply cannot guarantee it won’t ever happen. Securing WordPress is not a one-time, “set it and forget it” task. Things should be done to harden and secure WordPress when you first install and configure it. Ongoing WordPress maintenance needs to be done to keep your website secure.
Compare it to buying a new computer. Initially, you most likely create a recovery disk and install antivirus software before you start customizing your desktop and installing applications. Common practice is to update your antivirus definitions and run virus scans regularly. Operating systems push updates to protect your computer from known vulnerabilities. You should also update programs you have installed when new updates are available.
Similar practices should be done when you run a WordPress website. You need to secure WordPress to keep your website safe.
Are You Going To Be Proactive Or Reactive?
I mentioned basic things you should do when you set up a new computer. Whether you actually do these things or not is your choice. If you haven’t, you probably have not lost a hard drive or gotten hacked yet. It’s a hard lesson to learn.
Building a website for your business and then not properly protecting it could potentially ruin your business. If your website gets hacked beyond repair, you have to start over building a new website (unless you have a current backup). Your site could be down for weeks, or even months while it is rebuilt. Again, a hard lesson to learn.
People often hire me as a freelancer to fix hacked WordPress websites and then secure WordPress so it does not continue to happen. My advice is to be proactive rather than reactive by hardening WordPress up front.
I have cleaned numerous website virus infections and secured even more sites. Proactively addressing potential vulnerabilities before they become an issue is the way to go.
As I said though, doing this once and forgetting about it will not keep your website secure.
WordPress releases updates for the core code on a regular basis. These updates may include new features, bug fixes and/or fixes for security vulnerabilities. WordPress is popular: over 75 million websites run on it! Because of that, when word gets out that there is a code vulnerability, hackers attack quickly and en masse. WordPress plugins have the same issue. You need to monitor and update them regularly too.
How To Avoid WordPress Security Issues.
Harden WordPress
When you harden WordPress, you are securing the overall installation.
Ongoing Maintenance
Keep WordPress core code, plugins and themes updated on an ongoing basis. Updates are released constantly. Depending on how many plugins you have installed, new updates could be released daily.
Updating WordPress Code And Plugins Can Be As Simple As Clicking A Button.
From experience though, this is not always the case. When I update WordPress I do the following:
- Make a full code and database backup.
- Make a copy of the website and apply all updates to the copy first so they can be tested there.
- Review each plugin's change log to see if it will potentially cause problems or conflicts with other plugins installed.
- Review the WordPress theme and version for potential updates and compatibility.
- Update plugins and test the website copy.
- If all is good, then I make the WordPress updates on the live site.
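The routine above can be scripted. The following is an added example, not the author's own tooling: it assumes WP-CLI (`wp`) is installed, that a staging copy of the site already exists, and that the three directory arguments are supplied by you. It backs up the live site, lists pending updates on the copy, flags major version jumps whose change logs deserve a closer read, and then updates only the copy.

```shell
#!/bin/sh
# Added example: backup, then update a staging copy with WP-CLI (an assumed tool).
# All directory paths are hypothetical and passed in as arguments.

# Return 0 when the major version component changes, e.g. 1.9.4 -> 2.0.0.
is_major_bump() {
    [ "${1%%.*}" != "${2%%.*}" ]
}

# Read "name,version,update_version" CSV rows on stdin and print the plugins
# whose pending update is a major bump; review those change logs first.
flag_major_updates() {
    while IFS=, read -r name cur new; do
        [ "$name" = "name" ] && continue   # skip the CSV header row
        if is_major_bump "$cur" "$new"; then
            echo "$name $cur -> $new"
        fi
    done
}

update_staging() {
    live=$1; staging=$2; backups=$3
    stamp=$(date +%Y%m%d-%H%M%S)
    # Full database and code backup of the live site.
    wp --path="$live" db export "$backups/db-$stamp.sql"
    tar -czf "$backups/files-$stamp.tar.gz" -C "$live" .
    # On the staging copy, show pending updates and flag risky jumps.
    wp --path="$staging" plugin list --update=available \
        --fields=name,version,update_version --format=csv | flag_major_updates
    wp --path="$staging" theme list --update=available
    # Apply updates to the staging copy only, then verify core file integrity.
    wp --path="$staging" core update
    wp --path="$staging" plugin update --all
    wp --path="$staging" theme update --all
    wp --path="$staging" core verify-checksums
}

# Runs only when called as: script LIVE_DIR STAGING_DIR BACKUP_DIR
if [ "$#" -eq 3 ]; then
    update_staging "$1" "$2" "$3"
fi
```

Store the backup directory outside the web root so the database dump cannot be downloaded, and test the staging copy by hand before repeating the updates on the live site.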
Ongoing security maintenance needs to be part of any owner’s website maintenance plan.
Hiring a web developer who is experienced with security issues to maintain your website can save you time, money and lots of frustration. I offer several WordPress maintenance packages to address website security and maintenance on an ongoing basis.
You can read more about general website security issues here.