Are WordPress websites safe? This is a question I get asked by almost every client when I tell them that WordPress is our CMS (Content Management System) of choice. Website security is a hot topic all of it’s own, but WordPress seems to have a really bad reputation when it comes to security.
So what’s the deal? Is WordPress Safe?
When ever I’m asked this question, I answer with a question and it goes like this:
“Let me ask you something: Is your house safe?”
“I think so.”
“What makes it safe?”
“Well, I have locks on my doors, an alarm system, and cameras that show me what’s going on inside my home.”
“So if you didn’t have those things, do you think your house would be broken into immediately?”
“No, probably not, but I wouldn’t know until after it happened.”
“And do these measures prevent all break-ins?”
“No, but it does make it much harder to get in and stops the majority of would-be thieves.”
At this point I explain that WordPress is the same as their house. If there are no locks on the doors, no alarms and no cameras, anyone walking down the street could get in and really mess things up.
Choosing the right security
There are a lot of free and paid security plugins out there, all boasting different features for securing your site. Here are my two favorites:
- iThemes Security is loaded with 30+ ways of locking your site down, blocks known bad IP address, and gives you a lot of other ways to instantly secure your site in the event of a heavy attack.
- Hide My WP 3 Pro is unique in that it hides the fact that your site is built using WordPress. It confuses bots and hackers by changing common WordPress file paths keeping your files safe.
Each are powerful in their own right, but for my peace-of-mind, iThemes is the winner. There is a bit of a learning curve, but it’s well worth the time.
Don’t fall into the “Proprietary CMS" trap
BEWARE of this line: “Our proprietary CMS is more secure than WordPress because hackers don’t know about it and aren’t trying to get in.”
A farmhouse in the middle of nowhere without doors is not more secure than the Whitehouse simply because “home invaders don’t know about it”. The truth is that it’s undiscovered, not “more secure”. If that house (or your site) were to be discovered, hackers would have a field day, costing you thousands of dollars in downtime and site repairs.
Maintenance is the key
Just like anything else you own, your website requires maintenance and care. If you don’t have the time to manage your site, hire someone to do it for you. Yes it’s a monthly expense, but that monthly fee could save you hundreds or even thousands of dollars down the road.
At Dunn Allen Design ALL of our sites take advantage of our Advanced Web Hosting which includes iThemes Security, weekly backups, and weekly checkups by an actual developer.