Feeling Insecure?


Every once in a while, we get a potential client who’s a little surprised when we say that we build websites exclusively in WordPress. “But, is it secure?” they’ll ask, and they’re right to do so. Over the years, there have been a couple of high-profile instances where WordPress security has been compromised. However, it remains the content management system of choice for nearly 30% of all websites that use one. Joomla and Drupal COMBINED don’t even get to 6%*.

So let’s talk about security.

With WordPress being such a high-profile system, of course it garners attention. And with many people jumping into WordPress as beginners, it’s expected that ne’er-do-wells will find vulnerabilities to exploit. Here’s how to set up and maintain a strong, secure WordPress website:

  1. Choose your username carefully. It’s common knowledge, especially among would-be hackers, that the standard username for WordPress is “admin”. If you’re using this, stop immediately. It’s like leaving the porch light on so hackers can see you. Create a new username for yourself, transfer your content to that username, and delete “admin”. Now. As in, stop reading this post and go do that instead.
  2. Use a strong password. What’s good for your email (and Apple ID and gamer ID…) is especially good for your website. A weak password is like leaving a key under the mat. Ideally, you’ll choose a password you aren’t using anywhere else, and you’ll change it every six months or so.
  3. Keep your software updated. The web moves pretty fast; if you don’t keep up with the changes once in a while, you could lose out. (Apologies to Ferris Bueller fans.) Recent statistics show that nearly 80% of security issues in WordPress websites can be directly traced back to outdated software.* This can get a little tricky, though, as some software patches can fix one issue only to cause another. My advice? Wait a couple of weeks before implementing a new update, unless you’re talking about a security patch for WordPress core files, which should be happening automatically.
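
For site owners with shell access, steps 1 and 3 can be checked from the command line. The script below is an added example, not part of the original post; it assumes WP-CLI is installed as `wp`, and `WP_PATH` is a hypothetical variable pointing at the WordPress root.

```bash
#!/usr/bin/env bash
# Added example: read-only WP-CLI audit of steps 1 and 3 above.
# Assumptions: WP-CLI is installed as `wp`; WP_PATH (hypothetical variable)
# points at the WordPress root. Usage: source this file, then run audit_site.
WP_PATH="${WP_PATH:-.}"

# Step 1: fail if an account with the login "admin" still exists.
# Fix: create a new administrator, then hand over the content with
#   wp user delete admin --reassign=<new-user-id>
check_admin_user() {
    if wp --path="$WP_PATH" user list --field=user_login | grep -qx 'admin'; then
        echo "FAIL: a user named 'admin' exists"
        return 1
    fi
    echo "OK: no user named 'admin'"
}

# Step 3: print the number of plugins with an update waiting.
count_plugin_updates() {
    wp --path="$WP_PATH" plugin list --update=available --field=name | grep -c . || true
}

# Step 3: fail if a newer WordPress core release is offered.
# Only lines that look like version numbers are counted as updates.
check_core_update() {
    local versions
    versions=$(wp --path="$WP_PATH" core check-update --field=version |
        grep -E '^[0-9]+\.[0-9]+' || true)
    if [ -n "$versions" ]; then
        echo "FAIL: core update available:" $versions
        return 1
    fi
    echo "OK: WordPress core is current"
}

# Run every check; the return code is the number of findings (0 = clean).
audit_site() {
    local findings=0 pending
    command -v wp >/dev/null 2>&1 || { echo "ERROR: wp not found"; return 127; }
    check_admin_user || findings=$((findings + 1))
    check_core_update || findings=$((findings + 1))
    pending=$(count_plugin_updates)
    if [ "$pending" -gt 0 ]; then
        echo "WARN: $pending plugin(s) have updates available"
        findings=$((findings + 1))
    else
        echo "OK: all plugins are current"
    fi
    return "$findings"
}
```

The script only reads state; it never changes users or installs updates, so it is safe to run from cron and alert on a non-zero exit code.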

Following these simple steps will go a long way toward ensuring that your website stays strong and secure. Also keep in mind that WordPress is built and supported by a large community of developers, who all have a vested interest in keeping WordPress running strong. The collaboration in the WordPress developers’ community is honestly unlike anything I’ve ever seen. It’s a big reason why we chose WordPress as our exclusive platform for building websites.

Have a WordPress-related question I haven’t addressed on the blog before? Ask me here!