Security has been on the mind of a lot of people lately. Most prominently there’s there Equifax news. But a story today about CCleaner broke, the Display Options plugin for WordPress was compromised and subsequently banned from the WordPress Plugin Repository, and there’ve been many high profile security issues in the last few years.
To compound the issue, you have organizations like Equifax using WordPress for parts of their online presence and then blaming open source software’s shoddy security. This could lead our clients to ask: Are there security issues with WordPress? How should we handle that?
There are Security Issues with all Software
The most important thing to remember is that this can and does happen to anyone. It’s not specifically a WordPress problem. For example, CCleaner is specifically a Windows application.
WordPress is software runs on millions of websites, and updates to those websites are not consistent (another common software problem). So yes, there are security issues with WordPress, like there are with everything. But that’s not exactly what you should tell your clients to put them at ease, or to sell them on a new project.
WordPress Security Issues are Preventable
The first thing you should tell your clients is that, yes, while WordPress is vulnerable at times, many security issues are preventable. By keeping your website up-to-date, regularly backing it up, and testing it, you can avoid your site being compromoised.
You can also sign up for monitoring services like SiteLock or Securi to keep an eye on your website and prevent issues, even when you or your client are not at the computer.
The WordPress Community acts Quickly
The other point I make to my clients is that the WordPress community is a fast acting one. Since I am part of that community, I can be proactive when issues do arise. Last week, when the Display Widgets news became public, I knew about it and had options to replace it. I knew when it became safe to use again, and I had a long term plan to move any clients off of it.
This is not only because I keep an eye on the news. This is because those who develop for WordPress have the ability to patch and resolve quickly. It’s a big plus of WordPress’ active community. There are also great services out there like WP Site Care, which will handle these sort of things for you and your client.
WordPress Might be More Secure than Most
This claim is bold and to be honest, I have no data to back it up. But the point is that I’m 100% confident in WordPress from a security point of view. Understanding that breaches happen to everyone, I feel the WordPress community works quickly and proactively. They make sure to find and fix security issues.
PS: I’m incredibly excited to announce a new program I’ve put together for WordPress Freelance Coaching. We will tackle the question above and more. Plus, I’ll answer any specific questions you have about your business. Learn more.