informa
Slideshow

7 Steps to Secure a WordPress Site

Many companies operate under the assumption that their WordPress sites are secure -- and that couldn't be anything further from the truth.
Develop a Threat Model
Run All Updates and Patches
Manage Passwords and Site Access
Double Down on Application Security
Review the New NIST SP 800-53 Guidance
Design, Scan, Check
Think Out of the Box
1/7

WordPress sites account for more than one-third of all websites on the Internet, including some of the most highly trafficked sites and numerous e-commerce sites. So it stands to reason that companies would spend a lot of time and resources on protecting site security, right?

Unfortunately, says Ted Harrington, executive partner at Independent Security Evaluators (ISE), too many organizations believe that because WordPress runs on open source, it's innately secure.

"The assumptions many people have is that because it's open source, the best ethical hackers will work to find security vulnerabilities and we don't need to focus on security," Harrington says. "The truth is we still need defense in-depth and can't assume that WordPress is secure."

Indeed, over the past year, critical vulnerabilities were discovered that impacted more than 1.5 million WordPress sites and were often linked to one of the 50,000-plus plug-ins that enhance WordPress functionality, adds Timothy Chiu, vice president of marketing at K2 Cyber Security. 

"Security vulnerabilities continue to be discovered," says Chiu. "Each new vulnerability is a good reminder that plug-ins can affect your site's overall security."

Armed with the seven tips that follow, WordPress administrators and security teams will have the basics they need to lock down their sites. Read on.

 
Next slide
Recommended Reading: