• Skip to primary navigation
  • Skip to main content
  • Skip to footer

WPJohnny

WordPress Performance Guides and Reviews

  • Start a WordPress site
  • Hosting
  • Themes
  • Plugins
  • Blogging
  • Marketing

Is WordPress insecure? (no, it isn’t!)

WordPress blogging Dec 5, 2018 by Johnny 5 Comments

I think it’s a silly question and often misinterpreted by newbies/non-coders for all the wrong reasons. If you even had to ask this question, I would say WordPress is more than secure enough you!

But first off, what IS “security” anyways?

The word “secure” means different things to different people.

  • To an average person – “secure” means that it’s hackproof and your sensitive data is safe from thieves/bad-guys, also very low instances of ever getting hacked.
  • To an experience developer – “secure” means that it’s coded to best practices, commonly-used and updated often.

If you go by the average person’s definition of “security”, nothing is secure and the best website is one that nobody knows about, has very little features, and therefore not as often a target for hackers.

But if you go by the experienced developer’s definition of “security”, then WordPress is incredibly secure because everybody uses it and therefore it’s well-maintained by not only the core organization but also the community.

“Security” is about function

The only reason why any software could ever be a hack target is because it can do many things and store all kinds of information. To suggest WordPress is insecure is about the same as suggesting that doors are “insecure because they let bad guys in”. Well…doors serve a function of letting personnel in and out of your place. So in a way, WordPress has many areas to protect because it can do so many incredible things…blog, company site, store, etc.

Why on earth would you use something “more secure” if it doesn’t allow you the functionality you need?

“Security” is relative

Back to the door analogy. Doors are only insecure if 1) you don’t need them, and 2) you can build a better door. Most of you can’t. And likewise with WordPress, most of you cannot build a better CMS and maintain it properly over time than the WordPress community can.

If you (or your developer) is not skilled enough or do not have the resources to build a better CMS, then WordPress would clearly be the most functional and secure option for you.

“Why are people getting hacked if WordPress is so secure?”

People get hacked when they run outdated or poorly-coded themes and plugins. They can also get hacked when they have an insecure server. They can also get hacked when they choose weak passwords that are easy for robots to guess. Keep your software updated and regularly vetted for code quality, or hire someone to worry about that stuff for you.

“Can you still get hacked even if you always update your WordPress core and extensions?”

Absolutely. Even banks and the government get hacked. The idea though is that you lock your stuff enough that the energy and time they spend to get in isn’t worth it.

“What about WordPress security plugins?”

That’s a whole other can of worms. Some of them are more useful than others. Some features are more useful than others. Your developer would know best.

 

Share this post:

Share on FacebookShare on X (Twitter)Share on LinkedInShare on WhatsAppShare on EmailShare on SMS

Read all my posts on WordPress blogging

About Johnny

Right on the edge of WordPress development! 10+ years of WordPress design, development, hosting, speed optimization, product advisor, marketing, monetization. I do all that.

More WordPress Guides

The WordPress Open-Source Conundrum

Open-Source vs Proprietary (closed-source)

MailOptin Email Lead – WordPress plugin review

LiveCanvas HTML/CSS pagebuilder for WordPress – REVIEW

WP Admin Dashboard – UI design fantasies

Choosing the FASTEST DATACENTER location for your web server

Reader Interactions

5 Comments

  1. Alexey

    March 13, 2019 at 2:51 pm

    Hi Johnny!

    Please let me know your opinion.

    What do you think about static site generators? Example: Jekyll, Hugo, etc.

    They work very fast. And they are very safe. Also, static site generators load hosting (server) very little.

    What do you think. To create typical blogs, niche websites should use a static site generator? Is it better than WordPress?

    Reply
    • Johnny

      March 27, 2019 at 10:29 pm

      Thanks for the great question, Alexey…here’s my reply to this: Are static CMS sites a good alternative to WordPress?

      Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Footer

More links

  • Gadget reviews
  • Try my free WPJ plugins
  • Join the WPJ FB Group
  • WPJ YouTube & newsletter
  • Become a WPJ Affiliate

Popular Reviews

  • Best WordPress Hosting
  • Best WordPress Themes
  • Best WordPress Plugins
  • Best WordPress Cache Plugins

Services

  • Speed optimization
  • Speed optimization courses
  • WordPress hosting
  • Hire me or other experts
  • Client login

About Johnny

10+ years of WordPress design, development, hosting, speed optimization, marketing.
Contact me.

newsletter block

Copyright 2025 | WordPress guides by Johnny Nguyen

Click to Copy