Using WordPress: many rewards, but a few risks
WordPress was born to serve bloggers and it has certainly served them honorably. But since the open-source software was launched in 2003, it has evolved into a fabulously functional platform that supports 42.3% of all websites worldwide. Simple enough for beginners, using WordPress offers a wealth of features, from award-worthy graphic design to e-commerce tools. And new plugins are added, seemingly daily, by creative contributors.
The platform is not without its faults, of course. In the tech world, nothing is perfect. If your online home stands on a WordPress foundation—or frankly, any other platform—security should be one of your utmost concerns. Cybercriminals, whether they’re motivated by profit or pure meanness, are ingenious. And they’re everywhere.
In 2021, the US Department of Homeland Security alone requested $2.6 billion for cybersecurity spending. Microsoft spends about $1 billion. At home, consumers are downloading password managers, installing VPNs, paying for identity theft protection, and taking cybersecurity more seriously than ever before. Then there are the millions of people who’ve already been victimized and are now paying lawyers and credit repair companies to undo the damage.
Using WordPress for secure websites
How well does WordPress protect you against cyberattacks? Let’s look at how the platform stacks up against similar products and how you can minimize risk if you build your site using this powerful tool.
Reported WordPress vulnerabilities
We give WordPress a lot of credit for transparency. Platform leaders across the globe are quick to report on cyber safety issues. Whole organizations are devoted to studying WordPress vulnerabilities in detail and minions of staunch developers/advocates work diligently to fix security problems as they’re discovered. Still, WordPress sites are hacked by the thousands every year. That makes a certain amount of sense, considering the platform’s market permeation. But that doesn’t make the devastating losses businesses suffer sting any less.
In 2020, a coordinated attack that affected some 2000 WordPress sites made headlines. Discovered by Sucuri, a company that offers a range of monitoring and website security products, the assault drove WordPress users to scam sites, fake surveys and giveaways, and bogus Adobe Flash downloads. Phishing scams are a popular attack strategy: cybercriminals send very official-looking but fake emails that appear to be sent by WordPress.org.
The attackers in the 2020 case targeted certain WordPress plugins. With new plugins being added all the time—there are more than 55,000 of them—sealing security cracks is a complex matter for developers. So yes, the functional rewards of working with constantly-updated open-source software do come with risk.
WordPress users have the power
If the ever-evolving cunning of cyber criminals and the sheer complexity of WordPress software leads you to believe you’re fighting a losing battle, there’s plenty of reason to take heart. Analysts who track WordPress vulnerabilities have found that, as is the case with security breaches of all kinds, the lion’s share of WordPress hacks are preventable. They can be traced to some of the most common mistakes users make when using all digital devices, websites, and virtual services.
The good news is that many are easy fixes. And once you apply them across all your online activity, you’ll significantly lower your overall cybersecurity risk.
WordPress security checklist
Get a security boost through Managed WordPress
Whether you’re a blogger-in-the-basement sharing your passion for pets or a small business owner who doesn’t have the budget to hire a cybersecurity officer, keeping your site safe—on top of keeping it fresh and functioning properly—can seem like too tall a task. But fortunately, you have options. Partnering with a managed WordPress service provider like EasyWP can take the burden of maintaining security off your back. EasyWP sweetens the pot with phenomenal uptime statistics, a lightning-fast way to get your site up and running, free SSL certificates, 24/7 customer support, and more, all at a price virtually anyone can afford. You can even try it for free. No credit card is required, so there’s no risk. If only we could say the same thing about the internet.
Susan Doktor is a journalist, business strategist, and principal at Branddoktor. She writes about a wide range of topics, including technology, finance, and marketing. Follow her on Twitter @branddoktor.