Would you still use WordPress as the start of a new website?

Would you still use WordPress as the start of a new website?
datum-geschreven 2 Jan 2024

WordPress vulnerabilities found in all versions up to 3.8 – updates needed, WordPress 3.9 still has a vulnerability, vulnerabilities found in WordPress 4.0, WordPress 4.1…

These news reports are becoming more and more common. As I mentioned in previous articles, WordPress occupies a significant part of the internet, making it a prime target for numerous hackers (read here why) especially when many websites are not up-to-date.

This naturally raises the question for both me and my clients:

Should you still use WordPress as the foundation?

The answer is still: yes


The days when anyone with a little reading could put WordPress online, download a few plugins and a theme, and be done with the site and maintenance are over.

Has WordPress become worse?

WordPress has not gotten worse. WordPress is still in the hands of developers who work with dedication to improve the system.

Every time a vulnerability is discovered, they ensure that a security update is released. In short, the quality is still high, and the speed at which WordPress is updated has kept up with the need.

WordPress still features passwords, the database, and the user-friendly way to set up websites. WordPress continues to evolve and ensures that it remains one of the best functioning CMS platforms.

How can you safely use WordPress then?

WordPress itself is a good system, but there are certain “rules” you should consider when setting up a WordPress website.

There have been some “rules of the game” that have changed due to the many hacking attempts and various viruses circulating on the internet.

The “rules of the game” for WordPress in 2015

wordpress rules

  1. Use a maximum of 5-8 plugins
    Each plugin is a potential entry point for hackers. Some plugins are developed by programmers who are just looking to make a quick buck and don’t bother updating or securing them when exploits are found.
  2. Regularly update WordPress
    Not every update is related to security, so you don’t have to follow every update. Sometimes, it’s best to wait until the bugs in the update have been ironed out.
    Sometimes, plugin developers also need some time to update their plugins as they might be dependent on the code of the previous WordPress version.
  3. Choose a unique username, password, and screen name
    One of the first things a spambot tries is your screen name, website name, or variations thereof.
    In short: be creative and avoid using “dictionary words.” Mix in some numbers and capital letters.
  4. A security plugin like WordFence, Securi, or Ithemes Security is not a luxury
    These plugins allow you to easily set up whether every visitor can browse the folders of your server, whether the WordPress version is visible, where the admin panel is located, whether files are writable, whether long queries can be used through the navigation bar, whether multiple login attempts result in an IP ban, and more.
    To keep your WordPress website somewhat secure, you need one of these plugins.
    Note: You should configure them properly as well!
  5. Make sure you don’t have keyloggers on your PC
    Through small scripts from the internet, a page, or a browser add-on, they can capture and transmit your data. Use a good antivirus program on your PC.
    Tip: Avira has a good free antivirus scanner!

De meeste artikelen worden geschreven door Mathieu Scholtes, de eigenaar van WPBeveiligen. Op de hoogte blijven van het laatste WordPress nieuws? WordPress tips? WordPress aanbiedingen?
Connect dan op Linked-in!

Heb je een vraag? Tip of gedachte? Deel die!

Breng me op de hoogte
0 Reacties
Inline Feedbacks
Bekijk alle reacties