Skip to content →

WordPress Security



For people who are serious about their WordPress website

Since becoming aware of the damage a WordPress attack can cause John has continually monitored trends and developed security best practices for WordPress. To date, all of the WordPress websites John has developed or modified, have remained resistant to penetration, even under sustained attack.

WordPress powers around 30% of all websites; an impressive statistic. However, with great fame comes great responsibility. WordPress itself is an open-source Content Management System (CMS), but just because it is free to use, it does not necessarily follow that it is cheap to deploy.

WordPress has enabled countless people to build websites, but are they any good? The best way to find out was to conduct some thorough research. Taking the cream of the crop, the top 100 WordPress websites and WordPress developers from around the world to find out.

These are the highlights of that research:

  • 98% had glaring vulnerabilities
  • 48% had the default login page
  • 23% revealed their usernames
  • 77% were using outdated WordPress core plugins
  • 83% failed an HTTP Security Headers test

It is likely that if you run WordPress it is vulnerable to common attacks

Most WordPress developers, designers and agencies are actually unaware of the vulnerabilities. Not because they are bad or unprofessional, but simply because they do not know what they do not know. WordPress security is a little niche, but so very important for the integrity of your website.

Malicious attacks are usually automated. This means that there is software out there actively looking for vulnerabilities to exploit. Once found your website may be compromised with Malware, Ransomware, or data theft. There’s no limit to the damage that can be caused and once it happens it’s often too late.

The benefits of a secure WordPress website

  • Protect your reputation
  • Conform to GDPR standards
  • Improve Search Engine rankings (SEO)