What about WordPress Security?
One of the most common questions we receive about using a WordPress website is, “Will my site be secure? I’ve heard there are security problems with WordPress.” The answer to this is that it just depends. It depends on you, as the website owner, and how you police your content, to include your themes and plugins. The single best thing you can do for your self-hosted WordPress website is to keep all of your software up to date, which includes your CMS (WordPress, itself), your themes, & your plugins. The next item, which is nearly as critical, perhaps more so depending on who you ask, is to use trusted software (themes & plugins) that comes from reputable repositories such as the official WordPress Plugin repository. Throw in solid hosting & being security-conscious about how you handle your site & you’ve got a winning combo!
We’re aware of a WordPress site that came under a sustained botnet attack a few days ago but because their host was prepared for it & they had taken adequate measures to secure their WordPress site from unauthorized admin access, the site was no worse for the wear. A couple of things that any site owner or admin needs to keep in mind is not to use a weak password – ever. WordPress will warn you if your password is weak & will force you to acknowledge that you’re using a weak password, so if you’re in doubt all you need to do is visit your profile on your site & check your password strength. Or bypass password use altogether & use Clef.
When it comes to themes, we realize very well that there are simply awesome themes that are not in the official repositories that are perfectly fine to use & that’s definitely OK. A few things that you should look at prior to purchasing these themes, however, are:
- Is the seller of the theme the author of the theme?
- Does the theme author provide support if there are issues related to the theme’s code?
- Has the theme author been around for a while & are they likely to stick around in the future?
- Is the theme seller/author accessible?
If you answered no to any of these, you need to think long & hard before you pick up that shiny new WordPress theme or plugin. As an example, here is what happened to a few folks who thought they hit the mother lode in “free” themes:
The long & short of the “is it safe” question is that website owners & admins just need to treat their website as if it were their home & not leave the front door open or invite someone in if you think there’s a chance they might be casing the place. WordPress itself is awesome because of the immense flexibility that it gives site owners in its bionic-like plugin & theme incorporation but it’s that same awesomeness that finds several people at a loss as to what they should do because of the sheer volume of choices. Since it is your site, however, you can make decisions for it just as you like & you have all the time in the world to decide before you incorporate any new software.
In parting, here are a couple plugins that we like & we think you will, too: