I am going to start a big corporate website for his car shop which is supposed be more secured. Is WordPress okay to start a secured and reliable website?
As far as i heard, WordPress hackers intrude to webservers by means of some vulnerable plugins. Is that true?
What If I build a website without even a single plugin? Would WordPress be secured then?
Below are the methods you can try. The first solution is probably the best. Try others if the first one doesn’t work. Senior developers aren’t just copying/pasting – they read the methods carefully & apply them wisely to each case.
In a general sense, any well maintained platform can be used to to create a website with good security. It has to be noted that you will never build a website which is completely secured against hacking and spamming, no matter which platform you use and no matter what genius or pro you are. Hackers evolve faster that the security of a specific piece of code targeted to keep them out.
WordPress core itself is quite safe with good security. The big plus is that core is well maintained and kept up to date, so the security risks are kept to a minimum. The only downside is that core is still made compatible with PHP 5.2.something, which has been EOL’ed years ago. PHP 5.3 was EOL’ed almost a year ago.
That all aside, it does not matter how secure the platform is which you are using, it is all about the custom code you are going to use. It is a fact, there are thousands of really poor written themes and plugins out there which I would not even install on my local test installation, I might get hacked off line through these plugins and themes, hahaha ;-).
One very important note, keep your site and code up to date. Use proper well known hosting companies. Poor quality hosts rarely support PHP versions newer than PHP 5.4. As I said, PHP 5.3 was EOL’ed almost a year ago, so it is not maintained anymore, which in turn means big security issues if you are still using it. Get a host which support atleast PHP 5.4 which is still currently maintained. Proper hosts also have extra features for added security.
Upgrade WordPress when there are an update available. Try to have the latest version installed. There are also very well known good security plugins available and captcha validation plugins for forms.
Lastly, if you haven’t done so yet, get yourself a proper off line testing local install where you can test code, plugins and themes. Go through the code and make sure of the integtity there of. Only add code, plugins or themes to your live site if you are happy with it after proper off line testing
This should be a minimum guide to help you
Nothing is 100% secure, so plan for the worst:
Assume that your site will be hacked one beautiful day and even totally deleted.
Consider therefore recovery plans with:
- offsite backups for your database and uploaded files,
- offsite version control repositories for your code (themes and plugins).
Decrease the risk by using:
- up-to-date “trusted” software,
- secure connections,
- strong passwords.
… and hope for the best 😉