WordPress sites account for more than one-third of all websites on the Internet, including some of the most highly trafficked sites and numerous e-commerce sites. So it stands to reason that companies would spend a lot of time and resources on protecting site security, right?
Unfortunately, says Ted Harrington, executive partner at Independent Security Evaluators (ISE), too many organizations believe that because WordPress runs on open source, it's innately secure.
"The assumptions many people have is that because it's open source, the best ethical hackers will work to find security vulnerabilities and we don't need to focus on security," Harrington says. "The truth is we still need defense in-depth and can't assume that WordPress is secure."
Indeed, over the past year, critical vulnerabilities were discovered that impacted more than 1.5 million WordPress sites and were often linked to one of the 50,000-plus plug-ins that enhance WordPress functionality, adds Timothy Chiu, vice president of marketing at K2 Cyber Security.
"Security vulnerabilities continue to be discovered," says Chiu. "Each new vulnerability is a good reminder that plug-ins can affect your site's overall security."
Armed with the seven tips that follow, WordPress administrators and security teams will have the basics they need to lock down their sites. Read on.