05-05-2013, 10:28 PM
WordPress is probably more secure than most other CMSs out there. Some of the main exploits have come from:
- Improper server config
- Third party components within WP
- Not using good usernames & passwords
- Installing plugins from untrusted sources
- Not updating the core and/or plugins
None of those are inherently WordPress's fault. And to WP's credit updating the core and plugins is a much easier process than many other CMSs. Not only that, but there's many hosts that will automatically update them for you.
I've run several hundred WP sites for ~5+ years and never had an issue. I've been contacted on many occasions to clean up hacked WP installs, and it's always been one of the above issues.
- Improper server config
- Third party components within WP
- Not using good usernames & passwords
- Installing plugins from untrusted sources
- Not updating the core and/or plugins
None of those are inherently WordPress's fault. And to WP's credit updating the core and plugins is a much easier process than many other CMSs. Not only that, but there's many hosts that will automatically update them for you.
I've run several hundred WP sites for ~5+ years and never had an issue. I've been contacted on many occasions to clean up hacked WP installs, and it's always been one of the above issues.