Is WordPress insecure? (no, it isn’t!)

I think it’s a silly question and often misinterpreted by newbies/non-coders for all the wrong reasons. If you even had to ask this question, I would say WordPress is more than secure enough for you!

But first off, what IS “security” anyway?

The word “secure” means different things to different people.

To an average person – “secure” means that it’s hack-proof and your sensitive data is safe from thieves/bad guys, also very low instances of ever getting hacked.
To an experienced developer – “secure” means that it’s coded to best practices, commonly used, and updated often.

If you go by the average person’s definition of “security”, nothing is secure and the best website is one that nobody knows about, has very few features, and is therefore not as often a target for hackers.

But if you go by the experienced developer’s definition of “security”, then WordPress is incredibly secure because everybody uses it and therefore it’s well-maintained by not only the core organization but also the community.

“Security” is about the function

The only reason why any software could ever be a hacking target is that it can do many things and store all kinds of information. To suggest WordPress is insecure is about the same as suggesting that doors are “insecure because they let bad guys in”. Well…doors serve the function of letting personnel in and out of your place. So in a way, WordPress has many areas to protect because it can do so many incredible things…blog, company site, store, etc.

Why on earth would you use something “more secure” if it doesn’t allow you the functionality you need?

“Security” is relative

Back to the door analogy. Doors are only insecure if 1) you don’t need them, and 2) you can build a better door. Most of you can’t. And likewise, with WordPress, most of you cannot build a better CMS and maintain it properly over time than the WordPress community can.

If you (or your developer) are not skilled enough or do not have the resources to build a better CMS, then WordPress would clearly be the most functional and secure option for you.

“Why are people getting hacked if WordPress is so secure?”

People get hacked when they run outdated or poorly coded themes and plugins. They can also get hacked when they have an insecure server. They can also get hacked when they choose weak passwords that are easy for robots to guess. Keep your software updated and regularly vetted for code quality, or hire someone to worry about that stuff for you.

“Can you still get hacked even if you always update your WordPress core and extensions?”

Absolutely. Even banks and the government get hacked. The idea though is that you lock your stuff enough that the energy and time they spend to get in isn’t worth it.

“What about WordPress security plugins?”

That’s a whole other can of worms. Some of them are more useful than others. Some features are more useful than others. Your developer would know best.

How to optimize for Google Pagespeed, Pingdom, and GTmetrix

Learn how to optimize your website for the popular page speed tests! Read on as I go over the most common speed test recommendations and tell you which ones to optimize and how to do it! Want to skip ahead? The truth about speed scores In all honesty… There’s nothing wrong with using speed tests….

WordPress Blogging

What is WordPress (and why you should use it)

WordPress is the most popular website software! It currently powers 1/3rd of all websites (33.6% market share in 2019 and STILL GROWING) and is used by all kinds of sites for all kinds of industries. Small obscure blogs use it. Big name brands use it. If you need to make a website, there’s a good chance WordPress is…

WordPress Blogging

How to Start a WordPress Website in 30 Minutes

Setting up your own WordPress is easy! Follow these steps: Get webhosting – best wordpress hosting Set up WordPress – easy cPanel method (automatic), or the 5-minute method (manual) Choose a WordPress theme – best WP themes, how to choose WP themes Install WordPress plugins – best WordPress plugins, or search the repository Put up content – check out my blogging guides Ready for the next step? (more guides coming…

WordPress Blogging

WooCommerce (WordPress) vs Shopify – Ecommerce Store Comparison (2022)

Honest advice from an experienced user in both WooCommerce (with WordPress) and Shopify platform. They’re both fantastic eCommerce platforms with incredible designs and features. Both are popular for all users, beginners, experts, and even large corporations. It used to be that Shopify was considered the “expensive/paid/pro” option and WordPress/WooCommerce was the “cheap/free/open-source/DIY” option… but a lot…

WordPress Blogging | WordPress Themes

Should you use Critical CSS?

What is critical CSS? How does it work and when should you use it? Here goes another cut-the-crap WordPress performance guide by yours truly. Innocent question from one of my webhosting clients: Hey man, quick question: have you ever dealt with critical CSS? I’m trying to experiment with it but often plugins that promise it…

WordPress Blogging | WordPress Security

Improve WordPress Security

There are some simple tweaks you can do to prevent some popular infections. 1. Disable PHP execution in /uploads/ and /cache/ folders You can easily add a few lines of code into your Apache or Nginx configuration which will prevent PHP usage inside /upload/ and /cache/ folders. In many scenarios, this can render the initial backdoor…