The Zinc team work within a wide range of Content Management Systems, but one of our favourites is WordPress. For businesses of all shapes and sizes, WordPress offers a flexible way to manage your site without compromising on functionality. Nevertheless, with the open source nature of WordPress comes its own risks; security is often highlighted as a risk factor for WordPress sites.
The reason that WordPress is sometimes considered less secure is because it’s open source. This means that the code used to build WordPress is available for anybody to view, study and develop for. This enables WordPress to become the open market of plugins, themes and ideas that it is, and for businesses to have a site that looks exactly the way it needs to. Unfortunately, this openness has a downside. With the source code available for viewing, it’s possible to find and exploit weaknesses within it.
With the right precautions, WordPress is a fully secure option. If it wasn’t, it wouldn’t be the most used CMS in the world. Nevertheless, it’s important to keep your site secure by protecting it with the following measures.
Update it regularly
WordPress is run by a core team of people who manage the platform, alongside teams of independent developers who created each plugin and theme. Updates are sent out consistently for WordPress itself, which then instigate a wave of updates for each plugin and theme. These are to patch up any new security issues that have been discovered or protect against known malware. It’s important that whenever you see an update button on WordPress, you press it.
Protect your login page
Unless you change the address, everybody with a knowledge of WordPress can find your login page. Changing the URL of the login is one option, but it’s a good idea to stop this being an open door if it were to be discovered. Start with the basics: don’t use ‘admin’ as your username and make sure your password isn’t easily guessed.
Secure your site
An SSL should be a step one requirement for all sites. They protect the information being sent from the site with encryption; this means that any forms that contain personal information, payment details or contact information aren’t easily found and read. We recommend this across the board, but it’s even more important if there’s any risk that the site itself could become compromised.
Choose your plugins carefully
The open market of WordPress plugins enables you to build a site without any real knowledge of coding. From functionality to appearance, it’s likely you can find a plugin to add to your site to achieve this. With this freedom comes risk. Ostensibly, anybody can add a plugin. At best, it could be low quality, but at worst it can have been created with malicious intent. Make sure that you check whether it’s compatible with your current version of WordPress, whether the reviews are good, and the usage numbers when choosing your plugin to avoid adding poor or dangerous code to your site.
Backup your site regularly
If you get website maintenance, make sure that a regular backup is part of it. If you’re organising it for yourself, try services such as VaultPress, BackWPUp, and or BackUpWordPress. This enables you to recover anything that might be lost in the event that there is a security issue.
When you’re working with an agency like Zinc, there’s very little risk associated with a WordPress site. We create our own themes from scratch and offer ongoing maintenance that includes backups and updates as standard. If you’re concerned about security, it’s best to work with a provider that understands the system and removes the risk.