WordPress is the most widely used CMS on the internet, but is WordPress safe? Indeed, that tremendous popularity makes WordPress websites a perfect target for hackers.
Every year, a ton of WordPress websites are hacked and shut down. Adding WordPress security plugins to your website is thus highly critical.
Here’s a table of contents to help you navigate this post:
Bottom line: you need a security tool on your WordPress site to have a successful business online.
Julio Potier (WordPress security expert and founder of SecuPress) and Ryan Dewhurst (Codebreaker and founder of WPScan) helped me to write this article.
Websites are like stores. You have to protect them or they get robbed and damaged.
Two years ago, a report from Sitelock revealed that the typical small business website is attacked 44 times a day.
According to a study made by Sucuri in 2017, out of 8000 infected websites, 74% were built on WordPress.
An amazing infographic made by WPClicboard perfectly sums up WordPress security statistics for 2020.
So yes, you need a WordPress Security Plugin on your website.
WordPress is probably the most secure CMS to build your website. But please, keep in mind nothing on the internet is 100% secure.
In 2017 1.5 million WordPress websites were hacked because of a core vulnerability. The issue was quickly dealt with: WordPress has been safe and secure ever since.
Here is the reason why: the WordPress community is so huge and so talented that security breaches are identified and fixed almost instantly. But still, so many WordPress websites are hacked every day.
You have to understand that WordPress has some good security measures in place, but it’s nothing compared to what the best security plugins can provide you with like:
Only 3% of the incident affecting websites are discovered.
These are frightening figures that should encourage you to install a security plugin.
“WordPress today is a mature and secure software project, trusted by millions of users, which even includes the White House’s official website. In terms of security, the main problem that we are seeing is with third-party WordPress plugins, with 87% of vulnerabilities within the WPScan WordPress Vulnerability Database being attributed to plugins. That being said, we are seeing a gradual increase in the quality of plugins on the official WordPress plugin repository. To keep your WordPress website secure I recommend that you keep your everything up to date, choose a strong admin password and install a security plugin.” @Ryan Dewhurst – Founder & CEO at WPScan
Vulnerabilities and security breaches are almost always related to human misbehaves.
So the best way to improve your website security is to be watchful about a few things!
According to the WPScan database, 95% of WordPress vulnerabilities are actually coming from themes and plugins.
And 95% of this 95% are actually coming from free themes and plugins.
The best way to protect your website from hackers is to keep your plugins and theme up to date. You should also remove all the unnecessary plugins installed on your website.
This tip might be more tricky to implement if you are not comfortable with the PHP language.
Most of them are harmless, but some might jeopardize your website and lead to downtime.
To know which plugins generate PHP Errors, you need to access the WordPress Error Log.
The easiest way to do this is to install WP Umbrella.
Go to the PHP Monitoring tab et enable the advanced view.
From here you can access all the errors and related information necessary to troubleshoot them and make your WordPress website more secure.
” Some people think that a not updated plugin will generate security flaws, like it’s growing in it. Of course that’s not how it works. Every plugin, theme or even CMS core has some sort of security holes, but until it’s discovered it’s not a problem. The problem exists when they are discovered and not fixed, luckily (or not) the WordPress community is full of white hat people who will responsively disclose the issues, so when you hear “this plugin/core flaw has been discovered”, it’s already patched. ” Julio Potier CEO @Secupress
Needless to say that selecting a secure hosting should also be one of your top priorities.
Before looking into security plugins, you should make sure that your WordPress host has significant security measures.
Here are some of the security measures a good WordPress hosting provider should provide you with:
Kinsta, our hosting provider, offers all these services.
Using the same password for every website is bad.
Using the same password on several is the best way to get hacked.
Not all sites are secure. If you use the same password from everywhere and a hacker manages to get it, he will have access to all your accounts.
You must choose a different password for each site you use.
If you’re in a hurry, check this summary table. If you’d like to see our in-depth analysis of every security plugin, keep reading!
| Plugin | Features | Performance | Support | Pricing | Overall |
|---|---|---|---|---|---|
| SecuPress |   | | | 69$ | |
| WPScan | | |
WP Umbrella