Is WordPress secure?


WordPress is the most popular CMS today for creating a website: it currently accounts for more than 30% of all websites using a content management system. But being popular also makes it an attractive target for attackers.

One thing to keep in mind is that no CMS is 100% secure, and hundreds of websites are hacked every day. It's not all bad news, though: most attacks can be prevented by following a series of steps.

A study of hacked websites highlighted that the attacks were related mainly to outdated software and poor maintenance. Plugins pose the biggest security problems, followed by vulnerabilities in the WordPress core and finally the theme used.

Remember that the basis of your website's security is prevention.

How can we prevent attacks?

  • Choosing a quality hosting provider.
  • Using complex passwords, not weak ones.
  • Keeping the WordPress core, themes and plugins updated, as well as uninstalling those that are not used.
  • Installing plugins and themes from trusted and reputable developers.
  • Keeping a recent backup copy always at hand.
  • Enabling SSL on your website.

Quality hosting.

When choosing hosting for your WordPress site, we recommend a provider with a solid security infrastructure that offers easy installation of SSL certificates, SFTP support (not just FTP), the latest versions of PHP and MySQL, and the ability to schedule backups. It should also offer protection against DDoS attacks, hotlinking, spam and malware, a good firewall, and options to block IP addresses.

We recommend THIS HOSTING for its complete security suite.


Complex passwords.

Always use a complex password to protect your website; a combination of uppercase and lowercase letters, symbols and numbers is much better. You can also use a password manager to help you generate and save your passwords.

As a complement, you can add a reCAPTCHA (the typical "I am not a robot") or a honeypot (trap fields for robots) to avoid brute-force attacks, or apply an extra security filter using a 2-Step Verification plugin: in addition to your username and password, you will be asked for a code that you receive on your mobile or other device.

Themes and plugins.

There are thousands of plugins that you can install to improve your website, but each installed extension can open a possible entry point for a malicious actor. Therefore, install plugins only from trusted and reputable sources and, above all, keep them updated.

The risk of your website being compromised is also higher when the WordPress core is outdated, so update WordPress whenever a new version is released. Always remember to make a backup before installing a major update.

In this article we talk more about themes and plugins.
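
To check the two points above (pending updates and installed-but-unused plugins) from the command line, the following added example, which is not part of the original article, filters the CSV that WP-CLI's `wp plugin list` prints. It assumes WP-CLI is installed on the server; the plugin names and versions in the sample are constructed.

```bash
#!/usr/bin/env bash
# Flag plugins that have an update pending or that are installed but inactive.
# Real usage, run inside the WordPress directory (assumes WP-CLI is installed):
#   wp plugin list --fields=name,status,update,version --format=csv | audit_plugins

audit_plugins() {
  # Reads CSV with the header name,status,update,version on stdin.
  # Prints one finding per line and returns 1 if anything was flagged.
  awk -F',' '
    NR == 1 { next }        # skip the header row
    { gsub(/\r/, "") }      # tolerate CRLF line endings
    $3 == "available" { printf "UPDATE  %s (installed %s)\n", $1, $4; bad = 1 }
    $2 == "inactive"  { printf "UNUSED  %s (inactive: uninstall if not needed)\n", $1; bad = 1 }
    END { exit bad + 0 }
  '
}

# Constructed sample output, so the script can be tried without a WordPress install.
SAMPLE_CSV='name,status,update,version
seo-example,active,none,1.4.0
gallery-example,inactive,none,2.0.1
forms-example,active,available,3.2.0
slider-example,inactive,available,0.9.5'

printf '%s\n' "$SAMPLE_CSV" | audit_plugins || echo "Findings above need attention."
```

Because the function returns a non-zero status when it finds something, it can be run from a scheduled job that alerts you only when maintenance is due.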

Backup copies.

It is always important to have a backup that allows you to easily restore a full version of your website in case something unwanted happens. To have this functionality you need an external solution, either through your hosting provider or by installing specific plugins. It is recommended that an automatic copy is made periodically, so that you are prepared at any time.

SSL Certificate.

This certificate allows all data transmitted between the user and your website to be encrypted, so that your website is served over HTTPS. It is a service that many hosting providers offer for free.

To learn more about SSL, I recommend reading this article.
