WordPress is by far the best multi-function publishing system out there.
About 30% of the Internet uses WordPress to build websites, and it's even taking on ecommerce, with WooCommerce backing 7% of online stores (vs. 18% for Shopify, a specialty ecommerce SaaS).
Such success unfortunately brought hackers to the party too.
They want a piece of it.
According to Sucuri's Hacked Website Report 2018, WordPress is by far the most hacked platform of the year (2018) with 90%.
Other facts highlighted by the same report:
Things don't look bright on the WordPress security side for the upcoming years.
WordPress is advertised as the perfect DIY publishing system.
It has the best themes and plugins at a budget price, which is the main attraction for most users.
But to make good use of the platform, a good understanding of how WordPress works is vital.
That understanding comes from repeated use of the platform.
What WordPress advocates fail to mention is that you need a more-than-average technical understanding to really get by in the most common use cases.
And that means learning programming languages.
We are talking at least:
It gets tougher when dealing with WordPress updates and security. You are no longer swimming in publishing-tool waters...
It needs a specific skill set.
Updating a theme or a plugin sounds like a piece of cake. One click, and you're all set, right?
If you can afford the risks of diving in unprepared... be my guest. Click the update button and wait for your fate.
To be clear, that is absolutely not the way WordPress updates should be handled.
If you are doing that, you need to stop and reconsider.
As with any program, an update can crash for multiple reasons.
You really need to be positive you're prepared to proceed with updates on your own...
Check the following questions to assess if you are DIY-updates-ready:
As you can see, keeping WordPress up to date is definitely not a one-click task.
It requires way more time, attention, information access, and knowledge than you can imagine.
Most WordPress users assume that using a plugin like Wordfence means that their website is fully secure.
It's unfortunately not the case.
WordPress is secured like any Internet-facing system. You need to secure the application (WordPress), its server, and the network.
Wordfence, for example, is just a tool that we use to secure and monitor some aspects of WordPress.
The free version has a soft firewall that helps cut easy attacks, and performs scans occasionally.
It doesn't fully protect the application, and does absolutely nothing to protect the network or the server.
It's more of a monitoring system, among others, to help catch some types of hacking attempts.
Here are a couple of questions for you to assess whether you can take care of your website's security on your own:
Again, as you can see, WordPress security is way beyond activating one single plugin.