Let me just start off by saying that WordPress is great. This platform empowers millions of website owners to manage their own websites, make regular updates and not have to rely on a developer to keep their site looking fresh and up to date.
WordPress is extremely popular. According to the latest statistics it powers an estimated 26% of all websites worldwide. This popularity has a lot of upside. There is an ever-expanding number of community-developed plugins that extend the core functionality, plenty of hosting options, and great tutorials and online learning related to WordPress. Also, there is no shortage of developers able to assist with building or modifying a WordPress site.
But there is also a downside to using such a popular open source platform: the same popularity makes it a common target. We use WordPress to power the majority of the websites we develop. When we propose WordPress as a platform, the question I hear most often is: “Is WordPress secure?” The short answer is “Yes.” The long answer is “Yes, if it is managed properly.”
It’s important to be proactive about your website security. Here are 3 things you can do to make your WordPress website more secure:
1) Keep the software up to date: This cannot be stressed enough. WordPress is open source software. When a security hole or exploit is discovered, the core development team is usually quick to release an updated version that addresses the issue. Websites that continue to run old versions of the software are susceptible to hackers who can exploit these known security holes. WordPress makes updates very simple. Most often it is just two clicks from within the WordPress admin panel. Make a habit of logging in regularly to check for new versions of the software, or follow @WordPress on Twitter for news about the latest releases.
2) Use the iThemes Security plugin: This is a great plugin for hardening WordPress security. After the plugin is installed, make sure you configure these settings.
- Enforce strong passwords – using strong passwords is a no-brainer. iThemes Security makes this easy by allowing you to force users to create strong passwords.
- Hide Login Area – This allows you to change the WordPress login URL. You can prevent a lot of brute-force style attacks just by changing this setting.
- Disable PHP in uploads – this setting prevents PHP files from being uploaded to and used from the uploads directory. Planting a PHP file there is a common method used by hackers to exploit WordPress.
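A small audit script for the first two tips, added here as an example; it is not part of WordPress or the iThemes Security plugin. It reads the installed core version (so you can compare it against the latest release), counts PHP files under wp-content/uploads, and checks whether uploads/.htaccess denies PHP execution. It assumes an Apache host and the conventional FilesMatch deny rule; the sample install it builds is constructed for offline use.

```shell
#!/bin/sh
# Hypothetical audit helper written for this article; not part of WordPress
# or the iThemes Security plugin. Pass the WordPress root directory.

# Read the installed core version from wp-includes/version.php.
wp_installed_version() {
  sed -n "s/^[\$]wp_version = '\([^']*\)';.*/\1/p" "$1/wp-includes/version.php"
}

# Count PHP files under wp-content/uploads; a hardened site should report 0.
wp_php_in_uploads() {
  find "$1/wp-content/uploads" -type f \
    \( -name '*.php' -o -name '*.phtml' -o -name '*.php[0-9]' \) | wc -l | tr -d ' '
}

# Succeed only if uploads/.htaccess denies PHP (Apache assumed; the pattern is
# the conventional FilesMatch rule, not a quote of what the plugin writes).
wp_uploads_php_blocked() {
  ht="$1/wp-content/uploads/.htaccess"
  [ -f "$ht" ] && grep -qi 'FilesMatch' "$ht" \
    && grep -qiE 'Require all denied|deny from all' "$ht"
}

# Run all checks, print findings, return 1 if anything needs attention.
wp_audit() {
  rc=0
  echo "Installed WordPress: $(wp_installed_version "$1") (compare with the latest release)"
  n=$(wp_php_in_uploads "$1")
  [ "$n" = "0" ] || { echo "WARN: $n PHP file(s) found under wp-content/uploads"; rc=1; }
  if wp_uploads_php_blocked "$1"; then
    echo "OK: PHP execution is denied in wp-content/uploads"
  else
    echo "WARN: wp-content/uploads/.htaccess does not deny PHP execution"; rc=1
  fi
  return $rc
}

# Build a constructed sample install (an old core version and one stray PHP
# file in uploads) so the audit can be tried offline.
make_sample_wp() {
  mkdir -p "$1/wp-includes" "$1/wp-content/uploads/2016/05"
  printf "<?php\n\$wp_version = '4.5.2';\n" > "$1/wp-includes/version.php"
  printf "<?php echo 'stray';\n" > "$1/wp-content/uploads/2016/05/stray.php"
}

if [ "$#" -ge 1 ]; then
  wp_audit "$1"
fi
```

Run it as `sh wp_audit.sh /path/to/wordpress`; a non-zero exit status means at least one finding needs attention.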
3) Choose a Managed Hosting Provider: Managed hosting is a broad term that means different things to different hosting providers. You should choose a hosting provider who is familiar with hosting WordPress, who can help you keep the software up to date, and who can help you navigate fixing your site should it be hacked. It is also nice to have a hosting provider with a firewall to filter out known bad traffic, or even to block traffic from locations where you do not do business.
There is much more to keeping your website secure than the steps I’ve outlined above. For further reading, check out what WordPress says about keeping its software secure.