Every now and then I get a client who, citing security risks, objects to the use of WordPress for their custom website project. And I don’t blame them! With the scary headlines about WordPress hacks, I can understand being leery of the WordPress platform. So what do I think about WordPress security?

The fact is this: WordPress is the most popular content management system (CMS) for a reason.

It is open source, meaning it’s free, and is very easy to use and update on the front end. And with countless themes available, it’s easy to get the look and functionality you need without any coding knowledge.

Nearly 25% of all sites run on WordPress, which makes the platform a bit of a target. But because it’s the largest, it’s also the best supported. WordPress developers are very diligent, and patch their code whenever a vulnerability is discovered.

As a result, security updates are issued frequently for WordPress itself, as well as for its many plugins and themes. One of the keys to website security is regularly installing these updates. A site becomes vulnerable to attack if it is ignored for even a short period of time. In addition to updating your plugins, there are many other things you can do to harden your WordPress website security. Check out “The Ultimate WordPress Security Guide – Step by Step (2017)” for more ideas.


For added peace of mind, we like the Wordfence Security plugin. This plugin prevents sites from being hacked, blocks potential threats and brute force attacks, and helps you recover from a hack if one ever happens. There is a free version of the plugin available, or you can buy a Wordfence Premium license for $99 per year. The Premium version gives you access to mobile sign-in, premium support, and other features.


With the proper precautions, WordPress is very secure. One of the top precautions is regularly updating your website plugins. Not willing to do regular maintenance on your website yourself? Unsure of your DIY skills? Hire a pro to do it for you. Website security is not something to take lightly. Recovering from an attack is a huge headache, and can take weeks, or even months, to fix. Even worse, your brand’s reputation will be majorly tarnished if a customer discovers your site has been hacked before you do.