At one point or another, you will have heard the phrase “WordPress is not secure”. Based on this unfair reputation you might be dealing with a client who is dismissing WordPress as a suitable CMS. However, this statement couldn’t be further from the truth. WordPress core is one of the most secure publishing and web development platforms you can choose to build a website on.

If this sounds like you, and your client is rejecting WordPress due to these concerns, here are a few ways to convince them that WordPress is actually more secure than they might think.

Previous offences

WordPress was not always as secure as it is now. In 2009, when WordPress was gaining popularity, the CMS contained a number of security defects that were found and exploited. This was then quickly picked up by the news and the platform received extreme criticism.

This was the wake-up call WordPress needed to up its security game. The exposed security concerns were swiftly addressed in an update to strengthen the WordPress codebase. Still today, ten years later, WordPress remembers this early lesson and has kept on top of security ever since.

Staying ahead of the hackers

WordPress makes up a huge portion of the internet, with over 28 percent of websites using WordPress. This makes it a prime target for hackers, and WordPress knows it, which is why it stays one step ahead.

Other CMSs like Drupal and Joomla are simply not targeted as much (or not reported on when they are) since they are not widely used. 52 percent of CMSs used today are WordPress, while Drupal powers a mere two percent and Joomla only six percent.

Updates are key

Typically, security breaches on WordPress websites occur because of an outdated theme or plugin. Any notable hack to a WordPress website in recent years has been traced back to hackers targeting vulnerabilities that would have been avoided with a simple update.

While automatic updates happen to your WordPress core, it’s still your responsibility to update plugins and themes to ensure they contain the latest security patches.

Open source

The open source nature of WordPress means that anyone can contribute to detecting security vulnerabilities, meaning faster fixes. For example, there was a previous WordPress security breach through the REST API (introduced in version 4.7.0) where 1.5 million-plus pages running that version were affected. Various security vendors detected the vulnerability and immediately reported it to WordPress to build an update before any hackers could take advantage of the situation.

Secure as you want it to be

It’s your duty to take additional measures to strengthen the security of your WordPress site. To avoid your site falling foul of hackers, there are some extra measures you can take to harden it:

Strong passwords

This is one of the most basic security measures you should be taking. When a hacker runs an automated brute-force script to gain access, an easy-to-guess password will make it much easier for them to crack the code. You should be using a strong password generator to make sure your password is complicated enough that it cannot be easily guessed.

Two-factor authentication (2FA)

2FA puts in place an additional layer of security to your login process. 2FA works by requiring a second factor of information, typically a 4-digit code sent to your mobile phone to confirm your activity on a specific computer. There are multiple WordPress plugins that can add 2FA to your site.

SSL implementation

An SSL (Secure Sockets Layer) certificate encrypts all information submitted to your site while it is in transit. This means hackers won’t be able to see or intercept any data your users share on your site. WordPress doesn’t come with an automatic SSL certificate; however, many hosting providers offer free SSL certificates.

User role access

When creating new users for your CMS, be wary of who you give “Admin” privileges to; there is no reason to give full access to a team member who is only performing minor tasks. It is always good practice, when an employee leaves, to downgrade their permission level to “Subscriber” or even delete them entirely.
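
One way to check the update advice and the user role advice above on a regular basis, as an added example that is not part of the original article: the script reads the JSON produced by WP-CLI's `wp plugin list --format=json` and `wp user list --format=json` and reports plugins with pending updates and administrator accounts that are not on an approved list. The sample data, the plugin and user names, and the `APPROVED_ADMINS` allowlist are constructed for illustration.

```python
import json

# Constructed sample of `wp plugin list --format=json` output (not real site data).
PLUGINS_JSON = '''[
  {"name": "contact-form-example", "status": "active", "update": "available", "version": "1.2.0"},
  {"name": "seo-example", "status": "active", "update": "none", "version": "3.4.1"},
  {"name": "gallery-example", "status": "inactive", "update": "available", "version": "0.9.5"}
]'''

# Constructed sample of `wp user list --format=json` output.
USERS_JSON = '''[
  {"ID": 1, "user_login": "site-owner", "roles": "administrator"},
  {"ID": 2, "user_login": "former-intern", "roles": "administrator"},
  {"ID": 3, "user_login": "copywriter", "roles": "editor"},
  {"ID": 4, "user_login": "newsletter-reader", "roles": "subscriber"}
]'''

# Hypothetical allowlist: the only accounts that should hold the Admin role.
APPROVED_ADMINS = {"site-owner"}

def outdated_components(listing_json):
    """Return (name, status, version) for every item with a pending update."""
    return [(item["name"], item["status"], item["version"])
            for item in json.loads(listing_json)
            if item.get("update") == "available"]

def unexpected_admins(users_json, approved):
    """Return logins that hold the administrator role but are not approved."""
    found = []
    for user in json.loads(users_json):
        # WP-CLI prints roles as a comma-separated string.
        roles = {r.strip() for r in str(user.get("roles", "")).split(",")}
        if "administrator" in roles and user["user_login"] not in approved:
            found.append(user["user_login"])
    return found

def audit(plugins_json, users_json, approved):
    """Combine both checks into a list of human-readable findings."""
    findings = []
    for name, status, version in outdated_components(plugins_json):
        note = " (inactive: update or remove it)" if status != "active" else ""
        findings.append(f"UPDATE {name} {version}{note}")
    for login in unexpected_admins(users_json, approved):
        findings.append(f"ADMIN {login} is not on the approved list")
    return findings

if __name__ == "__main__":
    for line in audit(PLUGINS_JSON, USERS_JSON, APPROVED_ADMINS):
        print(line)
```

The same `outdated_components` function works on `wp theme list --format=json` output, which uses the same `update` field.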

Meevo is a digital marketing and development agency based in Toronto. We specialize in partnering with startups, design firms and agencies with strong creative, but limited executional resources.
