Debunking WordPress Security Misconceptions
14th January 2016
Amongst the business community there is a growing misconception that WordPress, as a CMS and ecommerce platform, is not secure and should be avoided. This article should serve to alleviate any concerns you have regarding WordPress and also inform you of why it is in fact one of the more secure platforms of choice.
The Source of the Misconception
WordPress has long been the target of hackers simply because it is the most used CMS on the web (according to trends.builtwith.com), and it is fair to say that in the past hackers have been successful in exploiting vulnerabilities. An important piece of information which is often overlooked when criticising WordPress’ security is that in recent years no significant scares have been caused by vulnerable code within WordPress core. Major security scares have instead been the responsibility of third-party scripts included in themes (Such as TimThumb) and third-party plugins (Such as Revolution Slider).
One of the larger scandals surrounding WordPress security was simply because a large portion of site owners had their username set to “admin” and brute-force attacks (randomly guessing passwords) gained access to a significant amount of websites. I would argue that this is not an issue with WordPress’ security, but instead the lack of security considerations taken by its users (users having the username ‘admin’ as their login).
What Makes WordPress Secure?
WordPress introduced automatic updates in October 2013 for critical security fixes, this means that websites built on WordPress are automatically patched whenever a potential attack vector is found. I can not emphasise the word “potential” enough, it is very rare that these “attack vectors” are a threat to every site and often only apply when very strict conditions are met.
Currently WordPress has 35 core committers with direct access to the code who are dedicated to developing the platform, couple this with the hundreds of contributors who have helped shaped WordPress over the years then you can appreciate how the platform has grown so quickly. Contributors cover a broad range of topics including core code development, design, accessibility, translations and mobile support.
Why You Should Consider WordPress for Your Website or Ecommerce Store
In an age where technology is largely fuelling security and privacy concerns WordPress is standing strong, currently being utilised in some capacity by high-traffic businesses such as: eBay, Facebook, Rolling Stones and UPS.