WordPress drives over a quarter of the web, and about a third of web based e-commerce. No platform could come anywhere near these numbers if it were inherently insecure.
All popular web platforms are subject to attack and as they evolve, they all reveal occasional security weaknesses. As the most widely used web development platform in the world, WordPress invites significant attention from the usual suspects.
To understand the true nature of WordPress security, we have to remain mindful of two factors:
- The WordPress community is filled with organizations and individuals that devote serious resources to keeping WordPress safe, by continually testing all things WordPress, responding to new threats with patches and other mitigation, and by sharing their knowledge about what works (and what doesn’t).And there’s an interesting additional aspect to this community effort to keep WordPress safe: WordPress ties in with many other components and services (like hosts, payment gateways, chat systems, and so much more). As such, these related yet independent interests are also investing in the security of WordPress projects and users, by investing in the security of their own offerings. And this leads us directly to the second factor to consider when evaluating WordPress security…
- WordPress is not a solitary player. To build a WordPress project, you’ll need several other components (host, email, and likely other pieces as well). As long as these pieces are properly configured, WordPress can be as safe and secure as any modern web platform. This is so because WordPress itself is actually very compatible with a wide variety of components and services, and is itself quite easy to lock down (or harden).
It’s certainly true that life on the web carries certain risks. And this is so regardless of platform. But betting on WordPress, in a well maintained environment, and cared for by capable professionals, is a very safe bet indeed.