WordPress Security Issues


For every new WordPress website I am hired to build, I quote addressing WordPress security issues as part of the website development quote. When I start a new project, the first thing I do after installing WordPress is fully secure it. I do this before installing a WordPress theme or installing any plugins.

Is WordPress Secure? “Out Of The Box” – NO.

Because of this, WordPress sometimes gets bad press about not being secure. With just a little bit of effort up front though, WordPress security issues can be easily prevented.

It is staggering how many WordPress sites get hacked on a regular basis. I suppose this is due to ignorance or laziness about taking the proper steps to secure and maintain WordPress.

Can WordPress be secured so it is less likely to get hacked? – YES.

I say less likely because I simply cannot guarantee it won’t ever happen. Securing WordPress is not a one-time, “set it and forget it” task. There are things you can do to harden and secure WordPress when you first install and configure it. Then there is ongoing WordPress maintenance that needs to be done to keep your website secure.

Compare it to buying a new computer. Once you turn it on, you would most likely create a recovery disk and install antivirus software before you start customizing your desktop and installing applications. You then regularly update your antivirus definitions and run virus scans. You update your operating system when new updates are available to pick up bug fixes and protect your computer from known vulnerabilities. You should also update programs you have installed when new updates are available.

Similar practices should be followed when you run a WordPress website. You need to secure WordPress (also referred to as hardening WordPress) to keep your website safe.

Are You Going To Be Proactive Or Reactive?

I mentioned basic things you should do when you set up a new computer. Whether you actually do these things or not is your choice. If you haven’t, you probably have not lost a hard drive or gotten hacked yet. It’s a hard lesson to learn.

Building a website for your business and then not properly protecting it could potentially ruin your business. If your website gets hacked beyond repair, or you do not have a good backup, you have to start over building a new website. Again, a hard lesson to learn.

People often hire me as a freelancer to fix hacked WordPress websites and then secure WordPress so it does not continue to happen. My advice is to be proactive rather than reactive by hardening WordPress up front and setting up regular backups before your website is infected.

I have cleaned numerous virus infections in WordPress websites and have secured even more WordPress sites to proactively address the potential issues.

As I said though, doing this once and forgetting about it will not keep your website secure.

WordPress releases updates for the core code on a regular basis. These updates may include new features, bug fixes and/or fixes for security vulnerabilities. Because WordPress is so popular (over 75 million websites run on WordPress), when word gets out that there is a WordPress vulnerability, hackers attack quickly and en masse. WordPress plugins have the same issue and need to be monitored and updated regularly too.

How To Avoid WordPress Security Issues.

1. Secure your initial installation. (Harden WordPress)

2. Keep WordPress core code, plugins and themes updated.  (Ongoing Maintenance)

Updating WordPress Code And Plugins Can Be As Simple As Clicking A Button.

From experience though, this is not always the case.  When I update WordPress I do the following:

  • Make a full code and database backup.
  • Make a copy of the website and apply all updates to the copy first so they can be tested there.
  • Review each plugin's change log to see if it will potentially cause problems or conflicts with other plugins installed.
  • Review the WordPress theme and version for potential updates and compatibility.
  • Update plugins and test the website copy.
  • If all is good, then I make the WordPress updates on the live site.
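
The update routine above, sketched as a shell script (an added example, not the author's own tooling). It assumes WP-CLI is installed as `wp` and that a staging copy of the site already exists; the paths in the usage comment are hypothetical, and reviewing change logs and testing the copy remain manual steps.

```shell
#!/usr/bin/env bash
# Added example: backup -> update staging copy -> (manual test) -> update live.
# Assumes WP-CLI (`wp`) is installed; all paths are hypothetical.
# Usage: source this file, then
#   staged_update /var/www/staging /var/www/live /var/backups/wp

# Full code + database backup of the install at $1 into directory $2.
backup_site() {
  local site="$1" dest="$2" stamp
  stamp="$(date +%Y%m%d-%H%M%S)"
  mkdir -p "$dest" || return 1
  wp --path="$site" db export "$dest/db-$stamp.sql" || return 1
  tar -czf "$dest/files-$stamp.tar.gz" -C "$site" . || return 1
  echo "$stamp"
}

# Print "name,current,new" for plugins with pending updates (for change-log review).
pending_plugins() {
  wp --path="$1" plugin list --update=available \
    --fields=name,version,update_version --format=csv | tail -n +2
}

# Update plugins, themes and core on one install, then verify core file checksums.
update_site() {
  wp --path="$1" plugin update --all &&
  wp --path="$1" theme update --all &&
  wp --path="$1" core update &&
  wp --path="$1" core verify-checksums
}

# Return codes: 1 backup failed, 2 staging update failed, 3 awaiting confirmation.
staged_update() {
  local staging="$1" live="$2" backups="$3"
  backup_site "$live" "$backups" >/dev/null || { echo "backup failed" >&2; return 1; }
  echo "Plugins to review before going live:"; pending_plugins "$staging"
  update_site "$staging" || { echo "staging update failed; live untouched" >&2; return 2; }
  if [ "${CONFIRM_LIVE:-no}" != "yes" ]; then
    echo "Staging updated. Test it, then rerun with CONFIRM_LIVE=yes." >&2
    return 3
  fi
  update_site "$live"
}
```

The live site is only updated after a backup has succeeded, the staging update has completed cleanly, and the operator has set `CONFIRM_LIVE=yes` once the copy has been tested.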

Ongoing security maintenance needs to be part of owning any website.

Hiring a web developer who is experienced with security issues to maintain your website can save you time, money and lots of frustration. I offer several WordPress maintenance packages to address ongoing website security and maintenance.


