There is much to be said about WordPress, and a lot of it is true. Easy to use and configure according to your needs are desirable traits to have in a CMS. However, as a business owner you are also concerned with security. The last thing you need is for your company’s credibility (and thus, the company itself) to be destroyed by a single hacker with too much time on his hands. As such, when looking at WordPress, the question to ask is if it is safe.
Risks of Open Source CMS
You should always be wary of popular, open source software. This is not because open source is a BAD thing; it just makes it easier to break into. To put it into perspective: imagine if a bank published all of its security routines, software code, and blueprints for anybody to review at will. While the bank might be highly secure, this also means any vulnerability that exists can be found. The same is true of WordPress – even if the current build is secure, somebody looking to break into a WordPress site will be able to download their own version and find a security exploit.
WordPress Viability without Plugins
You might think the best way to get around the vulnerability issues created by plugins is to not use these plugins at all. Unfortunately, WordPress loses most of its utility when you refuse to take advantage of these additions. Attempting to make a WordPress site without plugins will leave you with a cookie-cutter site that will not be any more secure than another that uses just a few.
Hazards of WordPress Plugins
The real danger of using WordPress does not come from its nature as an open source CMS. The real risks come from plugins. Over the past year alone, several security exploits have been discovered. This Mashable article discusses one found in August of last year, and here in December we have an article on WPTavern issue with the Slider Revolution plugin. Finally, for something a bit more recent, we have hundreds of plug-ins that rendered WordPress vulnerable due to a standard coding practice; the article can be found on Socuri’s blog. This latest security exploit was discovered only two months ago.
Is it Safe?
Bringing us back to the original question: is WordPress safe? The answer to that question is no really. Although developers for both WordPress and the available plugins endeavor to make it so, for every exploit they patch, another seems to appear. How Keywords Help Customers Find Your Website Online.