Is Your WordPress Site Vulnerable?

WordPress is the most popular content management system on the Internet, by a long shot. The open-source platform powers 23 percent of all websites, according to the statistics trackers at W3Techs.

But whatever platform is most popular logically becomes the largest target for hackers.

WordPress Security: What You Need to Know

Here’s what you need to do to ensure your WordPress site is secured against hackers, crackers and other attackers…

WordPress is popular among businesses, small and large. The websites of CNN, Vogue and Time magazine are based on WordPress. Millions of small business websites are based upon WordPress… and that’s become a security problem.


Small business owners are not terribly sophisticated about online security. They tend to set up their WordPress sites as best they can, perhaps with some help from the lowest bidder, and then ignore ongoing maintenance and security practices. The result is that WordPress has become a very popular target among hackers and cyber-criminals.

In 2014, attacks against WordPress sites outnumbered the attacks against all other platforms combined, states a report from the security firm Imperva. This trend is predicted to continue during 2015 and 2016, as WordPress remains the dominant CMS platform.

WordPress plugins and themes are the principal areas of vulnerability, say researchers. The developers of WordPress plugins and themes struggle to make any money at it (if they even try) and so have few resources to pour into security development. Occasionally, the core WordPress engine is also found to have a security vulnerability. In April 2015, and again in May, “critical” vulnerabilities were uncovered, requiring WordPress site operators to apply updates immediately.

There are two “flavors” of WordPress. The fully hosted, and the self-hosted version available at This article addresses the security concerns of the latter. Which one is right for your needs? See this page which explains the differences between them.

But site owners are often lackadaisical or just uninformed about security matters. If a hacker penetrates a business WordPress site, he could plant malware in the site’s pages that would be downloaded to visitors automatically. He might also gain access to usernames, passwords, email addresses, credit card numbers, and other sensitive financial and personal data. He might also “enslave” the site to act as a spam generator.

The damage that such hacking can do to a small business reputation and customer base is hard to overstate. People still shop at Target even after its disastrous security breach because there aren’t many convenient alternatives. That’s not the case for most small online businesses; once your site is associated with identity theft it can be shunned thoroughly.

WordPress Security on Autopilot

So my advice is to take WordPress security very seriously. At the least, you should regularly check your WordPress dashboard for notices of security updates to the core engine, plugins, and themes (each category has its own updates section) and install all updates promptly.

It’s an even better idea to install a WordPress plugin that automatically notifies you when an important update is available. The WP Updates Notifier is a handy tool that does exactly that. It monitors your site for core, plugin and theme updates and emails you when they are available.

Additional protection is available in the form of the All-In-One WP Security & Firewall plugin. Its many features enforce good security practices and give you greater control over who can access your WordPress site. A similar tool is the Acunetix WP Security plugin, which is billed as “the ultimate must-have tool when it comes to WordPress security. The plugin is free and monitors your website for security weaknesses that hackers might exploit and tells you how to easily fix them.”

Other security plugins I recommend are WordPress Firewall, which scans incoming web requests to identify and stop most obvious attacks, and Limit Login Attempts, which blocks an Internet address from making a brute-force attack on your WP admin account.

WordPress is a powerful, infinitely flexible tool for hosting everything from a simple, static information Web page to a fully-featured ecommerce store. It’s a fine choice for your own online presence; just make sure you attend to its security.

Your thoughts on this topic are welcome. Post your comment or question below…



  1. MmeMoxie says

    Thanks for this article, Bob! While, I am not a business owner, nor do I have Word Press, on any website … I do use Word Press, as a customer or by passer, when using Word Press websites.

    It is not only vital, that the owners of Word Press websites, be up to date on ALL updates, for security purposes, but, when they do that, they are protecting their customers or by passers!!!



Copyright © 2005 - Bob Rankin - All Rights Reserved