WordPress and security

WordPress is by far the largest content management system on the web, with a market share of over 60%, but even with that stat there are many individuals and companies that don’t believe that WordPress is secure enough for their needs.

Usually the people who are telling you that WordPress is not secure, fast and SEO friendly are trying to sell you something and, surprise surprise, it’s not WordPress.

I’m going to spend some time over the next couple of posts talking about these three points individually because I think they each deserve their own topic.


The argument around WordPress security usually goes something like this.

“WordPress is not secure because people need to update it in order to keep it secure.”

Or maybe

“WordPress is constantly being updated to fix security problems.”

All software needs to be updated and maintained in order to be secure. Your desktop OS, your mobile OS. Your browser. Everything. Most companies have teams of people whose sole job it is to make sure their company’s technology infrastructure is secure and maintained. In the middle of writing this I got a message from Chrome to update my browser because a new safer version is out. I will click the button and wait while it does its thing because I want my browser to be secure. Is Chrome less secure because some people wait months before they click the update button?

Your website CMS and all of its code is no different. The only question is, who is doing the updating and how much does that cost?

Sometimes these updates can be done by an internal team, sometimes by an external team, and sometimes they are built into the cost of what a company pays every month in order to use a service. In each of these scenarios there is a trade-off.

Internal Team

Your internal team can take care of securing your website infrastructure. The trade-off is that they will not be doing other internal tasks that might be more pressing, like working on your product and its infrastructure. The cost of these updates is hidden in your total cost of ownership because you are already paying these employees. Sometimes you don’t have an internal team member with the required expertise, in which case you will need a different solution.

External Team

Your external website partner can facilitate the updates to your site, and this means that your internal team is free to work on your internal IT and marketing content needs. The trade-off, and the cost of this, is a line item on your monthly invoice or agreement, which may be built into the fee structure with your partner. This is therefore a visible reminder of what your website security is costing you.

External Service or Platform

All-in-one framework and hosting services build the platform security into your fee structure, and often you will have a monthly service fee plus a per-user fee that you pay them every month. There is no “Security Fee” or “Update Fee” because it is built in. The trade-off here is that security is often a “black box” because you don’t really know how secure it is. It is not transparent, and security is often out of your control. Most all-in-one platforms are not as customizable, and your individual wants and needs around structure, setup, and workflow are rarely regarded.

All of these options are only as secure as the people and processes you have in place to handle the security of your website platform.

How can we help you with your WordPress security?

Let’s talk.

A quick conversation is all it takes to get started.