Since HOLTER Strategic specializes in WordPress development, one of the concerns I hear in the RFP process is about WordPress security. There is a general critique out there that WordPress is more vulnerable to hackers than other platforms. But if this were true would companies like Disney, Mercedes-Benz, and Microsoft rely on it? The short answer is no, WordPress is not less secure than other platforms. But more needs to be said.
WordPress Security Perceptions
When I address the WordPress security question I always make sure to connect security perceptions back to the realities of WordPress’s profound strengths. Because any potential vulnerabilities are directly related to these strengths.
WordPress Most Popular CMS by Far
First of all, WordPress is by far the most used content management system in the world. According to Builtwith.com WordPress powers over 30 million websites. Its closest open source competitor, Drupal has only around one million sites. Other non-open source options like Squarespace and Wix each have around 3 million users. With so many sites built with WordPress, this strength also creates what you might call a target rich environment for hackers.
But this reality also makes WordPress all the more diligent to focus on security. And if and when an exploit is discovered, they are extremely fast at releasing security updates.
Plugin Issues
Another strength of WordPress, that also has a corresponding down side, is its open source model. Because WordPress is open source, and because it invites anyone to build plugins that add to its features, that does open the door to the possibility of poorly built and unmaintained plugins being exploited. In my experience, if a WordPress site does get hacked, it’s almost always due to a bad plugin rather than WordPress itself.
So how do you compensate for the WordPress liabilities that correspond to its strengths?
Fixing Vulnerabilities
First and foremost, WordPress sites must be maintained. You have to regularly login in and update WordPress core as well as all recently updated plugins. If you don’t regularly update you’re just inviting hackers. That’s why HOLTER Strategic performs monthly updates on all our client’s sites to lock down any potential exploits.
Picking Reliable Plugins
Additionally, you can evaluate plugins based on how many installs they have, how they’re ranked by users, and how often updates are released. When you use highly rated plugins, or professionally supported plugins, you can be sure your site won’t be easily exploited.
WordPress Security Plugins and Services
Lastly, there are a host of specialized WordPress security plugins and services like WordFence, which can add additional layers of security to a WordPress site.
WordPress in its core is just as secure as any other platform, perhaps more since its massive user base requires them to be constantly vigilant about security. So clients don’t need to worry about the platform, rather they just need to make sure that their website developer uses dependable plugins and performs regular maintenance. When WordPress is deployed and supported professionally, it’s very secure.
If these kinds of RFP answers are helpful to you, please share, like, and subscribe. And leave me a comment about other RFP questions you’ve encountered that you’d like answers for.
Until next time…
Be Clear. Build Trust. Win Clients.