Myth: Your WordPress Is Not Secure

In our experience designing and developing website solutions for our clients, we are often asked to give our opinion and recommendations on various Content Management Solutions. Open source or closed? How easy is it to use? Are there any licensing fees? And the one question we hear quite often  -- is WordPress really secure?

We don’t want to keep you in too much suspense or have to make you read much further, so we’ll answer your question directly. Yes, WordPress is secure. But (and, yes, there is a but) only if you follow WordPress Security Best Practices. Regardless of the CMS you choose, all content management systems are similar in that they serve as homes for your content. And the same way one house may be more secure than another house, entirely depends on the security mechanisms and safeguards that you put in and around your home.

Currently, WordPress is the world’s most popular CMS. Based on an open source code, WordPress has a team dedicated to finding and fixing WordPress security issues. When vulnerabilities are discovered, fixes are immediately deployed. Hence, it is extremely important to keep what’s considered the WordPress Core up-to-date. Additionally, WordPress security vulnerabilities extend beyond the WordPress Core into themes or external plugins that may be installed on the site. In fact, WordPress plugins are the biggest source of vulnerabilities, accounting for 54% of known WordPress security issues (

Once a security issues is discovered, some of the most common ways to gain access include:

  • Brute Force Attacks
  • File Inclusion Scripts
  • SQL Injections
  • Cross-Site Scripting (XSS)
  • Malware

So how can you safeguard against these type of attacks and ensure that all the windows and doors to your home are locked? The answer? Don’t leave the door the open.

Interestingly, most successful WordPress attacks are the result of human error. By proactively adhering to the following precautions and best practices, you can greatly reduce your risk of security breaches.

What Can You Do to Protect Your WordPress Site?

Strong Passwords. Use passwords with 6 or more characters. Passwords should be changed every 6 months and never use the same password for more than one login. This goes for both admins and any lower level content editors who have access to the CMS.

Install a WordPress Security Plugin. While it may seem ironic that 54% of WordPress security issues are related to external plugins, WordPress security plugins can greatly help in discovering and fixing any major security vulnerabilities that arise.

Keep WordPress Versions and Plugins Up-To-Date. Proactively updating the WordPress Core and plugins are a must -- especially if you are leveraging any WordPress security plugins.

Find a Technology Partner You Can Trust. Because most WordPress attacks are the result of human error, it’s important to have a team who is dedicated to looking after the security of your website. There should be processes in place for performing things like regular backups or checking that all versions and plugins are up-to-date.

At Multimedia Solutions, we are confident in saying to our clients that WordPress is a secure, reliable, flexible and easy to use CMS. And while WordPress has seen a number of high profile security scares over the years, the security of WordPress comes down to the level of protections that are put in place in and around your website.


Interestingly, most successful WordPress attacks are the result of human error.