
“WordPress is Insecure”


The opening item in this here Lazy Assumptions category is one of the most oft-repeated myths about WordPress: WordPress is Insecure.

I can hear the angry keyboard warriors out there now: “A myth!?” they froth. “What nonsense. You’re crazy!” before adding “I wouldn’t host my worst enemy’s dog’s diary on WordPress!!!”

But, fortunately for the citizens of the free world, angrily repeating a lie doesn’t make it true.

Saying WordPress is insecure is like saying “buildings are insecure.”

Not all buildings have safes. Not all buildings are surrounded by security fences. Not all buildings are Fort Knox.

The raw materials used to make Fort Knox will be similar to those used in all buildings, but they will be applied differently, with a high level of security in mind.

It is entirely possible to harden WordPress (and the underlying server stack on which WordPress rests) to a high level of security.

It is also possible to be extremely relaxed about security, using a common admin username, and an easily crackable password… and because WordPress is the most popular CMS on the planet – by a long, long way – the people who do this are numbered in many thousands.

The curse of being a broad church is also a blessing: security exploits in WordPress and its popular plugins are patched very quickly.

There’s also a variety of very solid security plugins (free) out there to help firewall your installation, and, using simple protections, it is entirely possible to lock down your admin so that you (or your team) alone are able even to view the admin areas.

Having installed a plugin which monitors for and prevents any changes to your code (in case an attacker does manage to exploit a vulnerability), locked down your file permissions, and also blocked anyone who isn’t you from even attempting to log in (using 2FA and other mechanisms to verify it really is you), you’ll find that WordPress is very secure software – at least as secure as your bank’s website… the virtual equivalent of Fort Knox, no less.
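The two file-level measures above (watching for code changes and locking down file permissions) can be sketched in a few lines of shell. This is an added example, not code from this post or from any WordPress plugin; it assumes GNU `sha256sum`, and the function names and the rule that `wp-config.php` should not be world-readable are the example's own choices.

```shell
#!/bin/sh
# Added example (not from the post): detect changed code files and risky
# permissions in a WordPress tree. Assumes GNU coreutils' sha256sum.

# wp_baseline ROOT: print "sha256  path" for each code file, sorted by path.
wp_baseline() {
  ( cd "$1" || exit 1
    find . -type f \( -name '*.php' -o -name '*.js' -o -name '.htaccess' \) \
      -exec sha256sum {} + | LC_ALL=C sort -k2 )
}

# wp_changed ROOT BASELINE: print paths added, removed or modified since
# BASELINE was written. Empty output means the code is unchanged.
wp_changed() {
  [ -r "$2" ] || { echo "baseline not readable: $2" >&2; return 2; }
  wp_baseline "$1" | { diff "$2" - || true; } |
    sed -n 's/^[<>] [0-9a-f]\{64\}  //p' | LC_ALL=C sort -u
}

# wp_perm_findings ROOT: print world-writable files and directories, and
# wp-config.php if any user on the host can read it (this example's policy).
wp_perm_findings() {
  ( cd "$1" || exit 1
    find . \( -type f -o -type d \) -perm -0002 | sed 's/^/world-writable: /'
    find . -name wp-config.php -perm -0004 | sed 's/^/world-readable: /' )
}

# Usage: script baseline ROOT > FILE   |   script check ROOT FILE
case "${1:-}" in
  baseline) wp_baseline "$2" ;;
  check)    wp_changed "$2" "$3"; wp_perm_findings "$2" ;;
esac
```

Keep the baseline file outside the web root, where a compromised PHP process cannot rewrite it, and regenerate it after every legitimate update.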

In fact, with 15 minutes of effort, WordPress is more secure than the vast majority of web applications.

If you’d like a tutorial on how to harden the security on your WordPress website, please Google for one 😉 or request it in the comments section below.
