As we’ve discussed in our blog post, WordPress vs. HubSpot: Which CMS is Best for Your Business?, choosing the right CMS for your B2B company is a big decision. If you’ve done any research on the topic, it shouldn’t come as a surprise that WordPress is one of the leaders, powering 35% of all websites. You might be asking yourself, though, “What about all of those WordPress security issues I keep hearing about?” Let’s talk about whether you need to worry and what you can do to protect your website.
According to iThemes, WordPress runs on open source code, and it has a team that consistently monitors the platform’s security and fixes any security issues that come up in the core code. iThemes also states that the top five WordPress security issues include:
- Brute force attacks: The trial-and-error method of entering multiple username and password combinations until one works.
- File inclusion exploits: Using vulnerable code to load remote files that allow attackers to gain access to your website.
- SQL injections: When an attacker injects SQL commands through your website to gain access to your WordPress MySQL database and your website data.
- Malware: Code used to gain unauthorized access to a website to gather sensitive data.
Who should you worry about?
Chances are, you probably don’t have to worry about a guy in a ski mask, typing faster than the speed of light like in a ’90s movie, hacking your WordPress site. A more typical “attacker” is a bot or a botnet. That ski-masked hacker might have created these bots, but they’re an even bigger pain than a single attacker.
Most of the time, hackers make these bots to steal website data or send spam. However, in more extreme cases, your website can be hacked to attack other websites or even host malicious content. Since this kind of activity can ruin your reputation as a brand, it’s crucial to stay on top of your website’s security so you can resolve any potential security breaches early on.
What you can do
This information sounds daunting, especially if your customers make transactions on your website. But there’s some good news to keep in mind: WordPress really isn’t any less secure than any other CMS when you take the same common-sense precautions you take everywhere else on the internet, starting with using a strong password.
Using a weak password is an amateur mistake. If your WordPress password is “Password123,” “pa55word” or “blink182,” open a new window and change it right now. Seriously. Right now. Change it to a password that you don’t use elsewhere, with a mixture of letters, numbers, and special characters.
Since WordPress regularly fixes issues in the core code, it’s imperative that when there’s a WordPress update available, you install it. I know we all hate updates. But always putting these necessary evils off is the ultimate way to leave holes in your website’s security. Your themes and plugins will also periodically require updating, so make sure you keep on top of that.
It can be tempting to use free plugins and themes, rather than paying for some of the attractive ones from WordPress itself. However, plugins and themes from untrustworthy sources are some of the most common ways that attackers can access your website. This is especially true of torrented versions of plugins and themes that usually cost money. In this case, you will probably get what you pay for — and then some. When it comes to plugins, though, using a trustworthy, authenticated security plugin can add an extra layer of protection to your website.
So, do I really have to worry about WordPress security issues?
Yes and no. While a security breach on your site is serious, it’s no more likely to happen if you use WordPress, as long as you make an effort to keep it secure. Taking preventative measures like using strong passwords, not using untrustworthy extensions, and keeping your software updated is like getting a flu shot and washing your hands during flu season. There’s still a chance you’ll get sick, but the risk is much lower.