Powering just shy of a quarter (24.3%) of all websites on the internet, WordPress is without a doubt the most popular content management system (CMS) on the market. But is it the most secure?
In a word, no. While its widespread global uptake may initially fill you with confidence, being the world’s most popular CMS is actually one of the factors that goes against WordPress when it comes to security.
Let’s get one thing straight; no piece of software, CMS or website is ever 100% secure. Hackers are a determined bunch and will always find a way through a system if it’s worth their while (of course, some systems will be easier to penetrate than others).
But the fact that WordPress is so popular is what makes it a potential goldmine for hackers. As a hacker, you’ll want to inflict as much damage with as little effort as possible. So, why would you bother hacking a small-scale proprietary system that powers only a handful of sites, when you could concentrate on WordPress and potentially have 25% of the internet at your mercy?
As an open environment, WordPress comes with some additional security concerns. While its core coding is maintained by a dedicated group of volunteers who take incredible care with the system’s code, WordPress’ many themes and plugins are made by different people from all over the world. Some are highly-skilled expert developers. Some are not.
With that in mind, here are a few things to be mindful of when running and growing your WordPress site:
- Cut back on plugin use – be scrupulous when selecting plugins and be sure to delete those that you are no longer using. Read reviews before you install and, if you can, opt for plugins that can handle several of the functions on your ‘must-have’ list in one.
- Stay up to date – if you’re running an old version of WordPress, all the security flaws in the version you’re running are already known to your potential hackers. So, make a conscious effort to run updates as soon as they are released. If you can use WordPress’ automated update service, even better.
- Set plugins and themes to update automatically – having set WordPress itself to auto-update, consider doing the same for your themes and plugins to reduce the need for manual intervention.
- Disable the theme and plugin editor – unless you’re a developer who makes frequent changes and tweaks to your plugins and themes, you may want to consider disabling WordPress’ built-in plugin and theme editor. If yours, or any of your authorised users’ accounts are hacked, this editor alone can be used to take down your entire site.
- Hide usernames – if your blog or any other plugin you’re using is set to display your username, you’ll want to turn this setting off. Knowing your username, all your hacker needs to do is figure out your password to get full control of your site.
This list is by no means exhaustive, so be sure to do some extensive research when you come to pick a CMS upon which to build your website. And remember, while WordPress is the most popular CMS in the world right now, it’s by no means the best. Contact a specialist, such as MA Design (Web Design, Cheltenham) to find out more.