Is WordPress safe and secure?

- Anyone who has spent any time with computers and the web know that for all the amazingness they give us, they also come with some serious risks. When I first learned how to use a computer those risks were more or less confined to viruses that could infect your computer. Today viruses have taken a backseat to more sinister attacks on our online services and sadly, that means unless we take some precautions the web can be a dangerous and unwelcoming place. Feeling scared? Well, I'm not here to scare you.

I just want to be honest and ensure you have some perspective and a clear understanding of what it means to publish content on the web. If you open your browser go to Google and search for WordPress security you'll get millions of hits and many of those hits will be articles talking about WordPress being under attack or sites being hacked or WordPress being insecure. I won't say these accounts are wrong, but I want to paint a clearer picture here. The reality is WordPress is among the most secure applications you can use on the web.

This is in large part due to the fact that WordPress is open source. So everyone can see what goes on behind the curtain and everyone can help fix problems. This might seem counterproductive but it's the open nature of WordPress that is it's biggest strength security-wise. Here's the thing because WordPress is the most prevalent and popular web publishing application in the world it is the most obvious target for hackers. At the same time, it's also one of the most rapidly developing applications.

As a result, security holes are patched almost as soon as they are discovered. The strange reality is that by the time you read about a new vulnerability found in WordPress in mainstream media a patch has usually already been released and because WordPress automatically updates itself your site should be patched as well. Now you want to ask me "So, Morten, why are there so many security plug-ins and services and stories of hacked sites if WordPress is secure?" The answer has two parts.

Although WordPress is about as secure as it can get out of the box, there are always things you can do to make it more secure. And hacks are not the only thing you should protect yourself against. There's also break-ins and data loss. On the flip side, many older WordPress sites are never updated or run outdated themes and plug-ins. This creates an unsafe situation where problems that have been discovered and fixed are still active and exploited. So, to keep you as safe and secure as possible we'll use this chapter to look at ways you can improve the strength of your site by adding plug-ins and external services.

And while we're at it, I'll also show you what to do when something goes wrong.