Sunshine Coast Web Design - Professional IT Solutions for Your Business.

Is WordPress Secure?

We are launching new websites all the time and we are always looking for a robust CMS.

WordPress is the obvious choice, do you have grave concerns about the security of your site, since your company has a ton of visibility and could become a target for attack.

  • It’s interesting when a good friend asks you a question like this because it makes you reevaluate your opinions and assumptions and make darn sure you’re providing advice that will set up this person that you care about for success.
  • I think it would be most helpful to distill my thinking on whether or not WordPress is secure into a FAQ format regarding the subject.

Is WordPress Secure?

The short answer is yes, but it does require a modest amount of work and education on the part of the site owner.
The short answer is yes, but it does require a modest amount of work and education on the part of the site owner. Keeping Core Up to Date For WordPress to be secure, you must keep the core application up to date.

The good news is that WordPress actually does much of this job automatically. If you have the default configuration, then when the core team releases a minor version of WordPress, it will upgrade to that new minor version automatically. Security fixes are released as minor versions. So when a security fix is released, unless you’ve specifically configured your site to not update automatically, your site will update to the newest security fix and you will be protected from an emerging vulnerability. To be clear, WordPress versions come with three numbers separated by dots.  The current version is 4.9.4. The number to the far right is the minor version. So when that changes, your site will be automatically updated. When 4.9.5 is released, your site will automatically update. When 5.0.0 is released, it will not.

Keeping Plugins and Themes Up to Date

You will also need to keep your plugins up to date. This does not happen automatically, except in rare cases where the plugin author provides that functionality. Wordfence security plugin updates automatically when we release a new version. Most plugins don’t. But again, we have some great news. In cases where there is a severe plugin vulnerability, the WordPress security team have the ability to force plugin security updates, and have done so in the past. They have never automatically updated a theme, but they have the ability to do that, too.

In general, though, minor vulnerabilities that a plugin author fixes are not updated on your site automatically. That is why keeping your plugins up to date is one of the most important things you need to do to keep your site secure.

Protecting Yourself During the Window of Vulnerability With a Firewall

When a vulnerability does occur in a plugin or theme, there is a lag time between the vulnerability discovery and when a fix is released. We refer to this as the “window of vulnerability”. To protect yourself during this time, you need a firewall that is being actively maintained by a security team and that includes real-time updates. The Premium version of Wordfence does exactly that. Our team works proactively to discover new attacks and to release firewall rules as soon as a new vulnerability is discovered. This protects our customers during the window of vulnerability, while the vendor works to release a fixed version of their software.

Nginx Firewall

Cpnginx Firewall Protects Your Website From Attacks.

Google Page Speed

Nginx with Google Page speed is the ultimate solution for website cached and cdn services. cPnginx by default provide a CDN subdomain for every google page speed domains.

Proxy Cache For Web Sites

Cpnginx provides flexible configuration and optimization tools for nginx proxy cache configurations. This cache can be managed for each and every subdomains and domains.