WordPress has been powering numerous domain industry blogs, including our very own, DomainGang.com, for several years.
From the early days, to the current version 4.7.3, WordPress has come a long way; it’s now powering more than 26% of the web.
Its founder, Matt Mullenweg, was interviewed by Braden Pollock during NamesCon 2017, and stated that WordPress takes security very seriously.
Is WordPress safe “out of the box” for domain blogs, and blogs in general?
As with any system that relies on user authentication, with a variety of roles, the immediate answer is, “depends.”
Using a strong password is not the foolproof way to secure WordPress. One must use the authentication keys and salts, to ensure the database is secure from any attacks.
It’s a good idea to password-protect your WordPress admin folder, adding an extra layer of user authentication. This method would protect against malicious brute force attacks, as long as the username/password pair are complex.
Never share the same password across different platforms and accounts, for example your email and WordPress should use different passwords.
Keeping WordPress plugins up to date is important. At the same time, do not install plugins that aren’t used by thousands of other users already, and always check the feedback section at WordPress.org for any instances of shady behavior.
Install Sucuri, as the must-have security plugin, which will allow you to monitor your WordPress installation, as it scans it automatically for any malicious code.
WordPress itself is self-updating, and if you turned that feature off, make sure you enable it again.
A great list of information on how to secure and harden WordPress, can be found here.
I think WP is the number once choice for most domain investors, whether it’s for a blog, portfolio, or mini-site development. This is great to make sure everyone is aware of the security vulnerabilities to protect themselves. 😉
I think it is a great platform provided you follow some of the best practices you mentioned above. I also think wordfence is a good security plugin for people to use. I also think it is a good idea to set up a daily backup in case you do get compromised or just mess something up, it makes it very easy to fix with the backup in place.
I use wordfence for security
When I was running my blog I only used 2 security plugins one was the free version of wordfense and the other one was akismet. One thing I was doing was manuall backing up my database whenever I made a change to the site and file backups when I made a change any file. If anything happened to my block it could be back online in 20 minutes.