WordPress has been powering numerous domain industry blogs, including our very own, DomainGang.com, for several years.
From the early days, to the current version 4.7.3, WordPress has come a long way; it’s now powering more than 26% of the web.
Its founder, Matt Mullenweg, was interviewed by Braden Pollock during NamesCon 2017, and stated that WordPress takes security very seriously.
Is WordPress safe “out of the box” for domain blogs, and blogs in general?
As with any system that relies on user authentication, with a variety of roles, the immediate answer is, “depends.”
Using a strong password is not the foolproof way to secure WordPress. One must use the authentication keys and salts, to ensure the database is secure from any attacks.
It’s a good idea to password-protect your WordPress admin folder, adding an extra layer of user authentication. This method would protect against malicious brute force attacks, as long as the username/password pair are complex.
Never share the same password across different platforms and accounts, for example your email and WordPress should use different passwords.
Keeping WordPress plugins up to date is important. At the same time, do not install plugins that aren’t used by thousands of other users already, and always check the feedback section at WordPress.org for any instances of shady behavior.
Install Sucuri, as the must-have security plugin, which will allow you to monitor your WordPress installation, as it scans it automatically for any malicious code.
WordPress itself is self-updating, and if you turned that feature off, make sure you enable it again.
A great list of information on how to secure and harden WordPress, can be found here.
