How to stay on top of WordPress security issues

Getting online as a small business owner has never been easier. However, there are still a number of online security issues that tend to cause alarm for site owners taking their first steps into a wider digital world. Today, let’s take a look at WordPress security.

We’ll help you steer clear of unnecessary panic, and put the overall WordPress security landscape firmly in context.

By the time you’re finished reading, you should have a clear picture of the current state of play, and a solid list of links to help you stay on top of WordPress security issues going forward. However, before we dive into the detail, let’s put the good news front and center.

WordPress has never been more secure as a software solution.

Though there’s no denying that WordPress has suffered its fair share of security snafus in the past, the platform as a whole is in better shape security-wise than it’s ever been.

Hard lessons have been learned by the community, and despite its ongoing attractiveness as a target for bad guys, the number of show-stopping security incidents has plummeted over the last few years.

A panel of industry experts watch over the platform’s core; release cycles are stable and regular; and security best practices are firmly established for developers across both themes and plugins. In addition, the hosting community has also radically upped its game in terms of security over the years.

WordPress Security Issues
WordPress is an increasingly well locked down platform.

Standard procedures for keeping safe as a WordPress site owner are also now widely understood. You’ll find a huge number of authoritative and easy-to-implement practices for WordPress and beyond on the Small Business and Pro sections right here on the blog.

All that said, it remains worth your while to regularly keep up to speed with security issues and developments in both the platform’s core and the wider ecosystem of themes and plugins. Let’s move on to look at the best places to do just that.

Recent security developments in WordPress Core

As we noted above, these days the core of the WordPress platform is in remarkably good shape security-wise. Security and maintenance releases are regularly rolled out to seal off newly identified risks, and you’ll be notified in your admin of their arrival automatically.

Needless to say, it’s highly recommended that you upgrade as soon as possible when these roll around.

As a site owner, you don’t necessarily need to investigate all the details of these security releases, but it’s no harm to keep abreast of things by regularly checking in on the security category of the main WordPress blog. Here you’ll find handy listings of security-related releases going all the way back to 2005, along with breakdowns of the vulnerabilities addressed.

WordPress Security Archive
A quick glance at the WordPress Security Category Archive shows that evil never sleeps.

As you can see from the image above, 2016 has seen its fair share of action so far. Take a quick browse through individual releases to get an idea of the amount of behind the scenes heavy lifting that’s regularly going on to keep site owners safe.

Staying up to speed with security news from the wider WordPress world

At this stage in the platform’s development, themes and plugins represent a substantially wider security risk than anything to do with WordPress core. As a site owner, you’ll need to do your due diligence when choosing both and regularly update them when prompted. It’s also well worth being proactive and keeping an eye on wider security news to stay in the loop.

The gold standard here in terms of expert information is set by the good folks over at Sucuri. In addition to providing best-in-class WordPress security plugins and detailed quarterly online security reports, they also provide bang up-to-date security news on theme and plugin vulnerabilities via their excellent blog.

Sucuri Security Plugin
The Sucuri Security plugin is an online safety essential.

A quick flick through said blog shows that the need for ongoing vigilance with themes and plugins never really goes away. Threats such as the Wp-Page Pharma hack have been rumbling away for years, and even incredibly high-profile plugins such as Jetpack and bbPress have had vulnerabilities exposed in the very recent past.

However, there’s no reason to panic here.

A combination of keeping your ear to the ground via authoritative sources such as Sucuri and WordPress Tavern, and diligently updating themes and plugins, should help you largely steer clear of danger.

Stay current with security issues

Security is always going to be a concern for responsible WordPress site owners, but it needn’t be a cause for terror. The reality is that the platform as a whole has made enormous strides in terms of security over the years, and is now firmly positioned as one of the safest platforms out there.

  1. Stick to the following basics, and you should be sleeping soundly as a site owner well into the future:
  2. Select a hosting provider that’s proven to go above and beyond with security.
  3. Pay attention to standard WordPress security best practices.
  4. Always keep WordPress core updated, and check in on related security news.
  5. Keep your themes and plugins current, and review ongoing expert information from sources such as Sucuri.

Is security a particularly pressing concern for you as a site owner? Share your thoughts with us via the comments section below!

Feature image by Ervins Strauhmanis via / CC BY

Originally published at Garage.