Paddy O’Connor Creative Director
Is WordPress a secure CMS?
The simple answer is yes — it is as secure as any other major content managed system (CMS).
Some usage statistics may be helpful to understand the current CMS landscape.
WordPress is — by far — the most popular CMS in use today, and its popularity is growing. About 60% of CMS websites run using WordPress. This is almost 30% of all websites online — a simply staggering level of market share.
Its nearest competitors, Joomla and Drupal, occupy just 6.1% and 4.9% respectively of the CMS market.
What prompted the writing of this post was seeing a recent RFP (request for proposal) for building a website. One of the specifications was a line stating “the new site could not be built using WordPress”, and the reason stated was security concerns.
This is, frankly, not true or fair.
The reality is that WordPress, Joomla and Drupal are all vulnerable to malicious attacks. With WordPress having such a huge user-base, reports of security issues are naturally going to appear more often.
To illustrate the point, Apple users basked for years in the misguided belief that the Mac platform was impervious to viruses. But the reality was that with Windows running on over 95% of the worlds’ PCs at the time, the other 5% was barely worth the effort, and, when there were problems, generated fewer headlines. The Windows platform was simply the lowest hanging fruit.
So, should you be worried about using WordPress?
No, not if simple precautions are followed.
Any CMS becomes vulnerable when the software isn’t updated with the latest security patches, or when rogue or poorly coded plug-ins are installed.
For the record, at Paradigm we are platform agnostic — we use the best tools that will deliver the best experience for our clients and their users. Depending on requirements, we build using WordPress, ASP, and React, among others.
If you have any questions about this or related topics, feel free to contact me.