WordPress Best Practices To Follow To Stay Safe

For those of us in the web design industry, the emergence of open source and in particular WordPress as the dominant website platform has been nothing short of amazing. In 10 short years, the prevalence of expensive, proprietary .NET platforms has been usurped by a humble blog. Today, WordPress is the most popular content management system in the world, with over 75,000,000 active sites.

WordPress Market Share

With all the accolades, however, there has been a controversy that has plagued the platform for years: security. Is a WordPress website a secure website? I will put this issue to bed with two words.

Yes, but…

The reputation of WordPress as not secure is based on a myth wrapped in truth. The reality is, most CMS use similar security protocols and architecture, but WordPress from its humble roots made it very easy for lazy developers to unwittingly create an unsecured website by not following simple best practices.

Lowering the Barrier to Entry

First off, as an open source platform there is no licensing fee associate with WordPress. This lowered the barrier to entry and suddenly there were thousands of “professional” web designers opening shop. These are the folks I call the “Do-It-Yourselfers”, the kind that would rather go to Home Depot and get the materials to build their own backyard patio instead of hiring a professional. In their haste to deliver, the Do-It-Yourselfers used shortcuts, including relying on default password settings instead of taking the two minutes to create a login password that a hacker can’t figure out by guessing the city you were born in or your favorite sports team. Everyone familiar with WordPress knows where to find the admin: mydomian.com/wp-admin. Honestly, if you really have an axe to grind and find yourself at this doorstep is it not in the realm of possibility that given the prevalence of WordPress websites out there that it is inevitable that there will be hacks?

WordPress Login

The truth behind the myth that WordPress is not a secure CMS is that it was perpetuated by sheer laziness and that WordPress became a victim of its own success. WordPress is secure, but only if you follow WordPress Security Best Practices.

WordPress as a non-profit community has a team of developers focused on security issues. When a vulnerability is found and reported within the community, a patch is immediately created and added to the latest version update. This is why it’s so important to keep your version of WordPress Core current. In addition to the core platform, plugins created by third party developers are a major source of security vulnerabilities and should always be kept up to date. So, how can you protect yourself against attacks?

Here are 4 best practices to follow to keep your WordPress website safe:

Wordpress Website Security

Be Smart With Your WordPress Password.

This is the frontline of defense. Do not create a password using personal information that hackers might figure out. Make it long and non-sensical. Use at least 6 characters and a mashup of letters, numbers, punctuation, lower and higher cap. Make sure to change out your password at least every three months.

Install a Security Plugin.

WP security plugins are a great way to keep your website safe against security vulnerabilities. Here are my recommendations for the 7 best security plugins available:

  • WordFence
  • BulletProof Security
  • Acunetix WP SecurityScan
  • 6Scan Security
  • Sucuri Security
  • iThemes Security
  • All In One WP Security & Firewall

Stay Up To Date.

Keep your CMS core and plugins current. Just make sure to backup your website before making any updates. If you do not feel comfortable doing this yourself hire a professional to manage your updates.

Work With a Dependable Development Agency.

The sad truth about the WordPress myth is that most attacks are human-related. Find a developer that adheres to WP best practices and can design and implement a security update schedule, including backups.


As a strictly .NET company for over 15 years, DEEPBLUE  has embraced open source platforms, in particular WordPress. The advantages are significant. As the most popular CMS in the world, WordPress provides a development community that no other platform can touch. In comparison to other open source platforms, such as Drupal and Joomla, WordPress is extremely intuitive and provides the same robust features. In comparison with proprietary .NET platforms, there is no cost for licensing and you will not have to worry about a company going out of business and losing all support. The myth that WordPress is not secure can officially be put to rest.

If you are concerned about Website Security please contact us today for a complementary assessment.

We are recognized as a top software company on DesignRush.

Frank Farris

Frank Farris is Founder and CEO of DEEPBLUE. He has been an active thought leader in the practical application of emerging web technologies and web standards since 1998.

More Posts - Website

Posted in WordPress, Web Development