How Secure is WordPress?


Posted on January 2, 2017
Author: Katie Bruhl Zraik
If you have ever had your website hacked into, you know the havoc that malicious code can wreak on your website. Any website can be hacked into if you are not using best security practices, but recently WordPress has become more of a target for many reasons. As a result, it has become very important for you to address security concerns as you create and manage your WordPress website.

Plugins and Themes are created by developers, and most of them are legitimate. However, some developers are malicious and they embed code into the themes and plugins that you use. This code can leave your website vulnerable to hackers and even blacklisted or removed from search engines.

First and foremost, always have secure usernames and passwords. This should be a given, but I’ve seen too many people call their username “admin”, or have passwords like “password123”. If you use these login credentials, you can be sure that your WordPress website will be hacked. Here are some ways to prevent your WordPress site from being compromised.

WordPress Themes (Free & Paid):

Free Themes:
The easiest and most common way to find a theme is to go to the WordPress Theme Repository. You can find this by visiting and clicking on Themes. WordPress has a tab in the Admin Section of your WordPress Dashboard that will allow you to search for free WordPress themes directly within your WP Admin. If you find a theme that you like, you can click on it to see more information about the theme. This is where you can see the Version, Stats, Support, Reviews and other information that will aid you in deciding for yourself if this is a theme you will be happy with.

Free themes are also available outside of There are some steps you want to take before you trust any free theme on the market:
1. Make sure the theme has had several versions created.
2. Find out when support was last given to users – click on the Support tab.
3. Be sure to read the reviews.
Themes with one version, no support, and low reviews are a red flag. Do not download these. This doesn’t mean that this theme necessarily has malicious code in it, but it doesn’t give me any confidence in the security or long-term usability of the theme.

Paid Themes:
In the event you cannot find a reasonable free theme for your website, you may want to consider a Paid or “Premium” WordPress Theme. does not provide you with a list of premium themes. However, some of the free themes on have an option to purchase an enhanced version of the free theme. This enhanced version usually has more design features as well as other functionality features.
The other way to find paid themes is to do a search on Google for WordPress Themes. It is very important that you find a reputable website theme provider. ThemeForest & WooThemes are great resources to find the best themes available. Again, be sure to view the details about each theme before you purchase it.

WordPress Plugins:

When deciding on a WordPress Plugin, follow the same verification steps as you did when looking for a theme. You can search for plugins within the WordPress Admin or you can find Premium Plugins online by doing a search for what you are looking for. Either way, I cannot stress enough that you should view the version, support, and reviews of each plugin before you download it. Malicious code could be incorporated without you even knowing it, and you have a better chance of preventing it if you take the time to thoroughly review the details of each plugin.

Security Plugins for WordPress:

There are several plugins that provide security for your WordPress website. Think of it as “Norton Antivirus” for your WordPress site. This software will scan your WordPress files and search for any malicious code that may be embedded in your theme or plugins. Many security plugins have a free version, but I find it’s best to take a look at what the enhanced version has to offer. Many times the enhanced version will provide you with better, more comprehensive security options.

I suggest using Wordfence. It’s a great plugin and I really like all of the extra security features that come with the premium version.
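To make the idea of a file scan concrete, here is a simplified sketch added to this article (it is not from the original post and is not how any particular security plugin is implemented). The three rules, the function names and the sample files are assumptions constructed for the example; real scanners use far larger signature sets and also compare files against known-good copies.

```python
import re
from pathlib import Path

# Heuristic rules (assumptions for this example, not any plugin's real signature set).
RULES = {
    "eval-of-decoded-data": re.compile(
        r"\beval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "exec-of-request-input": re.compile(
        r"\b(?:eval|assert|system|exec|passthru|shell_exec)\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\b", re.I),
    "long-encoded-string": re.compile(r"""['"][A-Za-z0-9+/=]{200,}['"]"""),
}

def scan_source(text):
    """Return sorted (line_number, rule_name) findings for one PHP source string."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in RULES.items():
            if pattern.search(line):
                findings.append((lineno, name))
    return sorted(findings)

def scan_tree(root):
    """Scan every .php file under root; return {relative_path: findings} for flagged files."""
    report = {}
    root = Path(root)
    for path in sorted(root.rglob("*.php")):
        hits = scan_source(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[str(path.relative_to(root))] = hits
    return report

# Constructed samples: a clean template and the same template with an encoded loader line appended.
CLEAN = "<?php\nget_header();\necho esc_html( get_the_title() );\n"
TAMPERED = CLEAN + "eval(base64_decode('" + "QUJD" * 60 + "'));\n"

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        theme = Path(d, "wp-content", "themes", "sample-theme")
        theme.mkdir(parents=True)
        (theme / "index.php").write_text(CLEAN)
        (theme / "footer.php").write_text(TAMPERED)
        for rel, hits in scan_tree(d).items():
            print(rel, hits)
```

A hit is a prompt for manual review, not proof of compromise; legitimate code occasionally embeds long encoded strings, and a clean result does not prove a theme or plugin is safe.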

Be sure to have a secure web hosting plan and have your hosting company maintain current backups of your WordPress site in the event your website is compromised.

The Web & IT Group can provide you with a locally designed WordPress website with the security you need to keep your website online and at the top of search results.

Contact us if you have any questions about this article.