Some homes in safe neighborhoods don’t even bother locking their front doors. And there are other homes in different neighborhoods with bars over their window and metal security doors in the front. And then there are rich homes that have guard dog, gate, and a security guard. Security setup is really based on what kinds of attack you expect and how valuable whatever you are protecting. And each setup has it’s own vulnerabilities and strengths that goes with it.

& Security is the MOST Important Topic in WordPress.

WP.org has over 1,000+ plugins for ‘security’

If you have anything important in your house, it probably is a good idea to have some sort of security measures. Same logic goes to WordPress sites. Unlike older generation HTML sites which is like a hanging picture which does NOT change or do anything on its own, WordPress sites are something like self operating video playing wall album that takes input from person standing in front of you. And each person who are in front of you can use touch screen to see next video and there’s also USB ports on the side that give control over the album’s content.

What would you do if you found out people are uploading video/pictures you don’t want to the album on the wall?

Not having any security on WordPress is like leaving USB port of the video album exposed or leaving your front door of your house wide open. While most may choose to not walk into an open door, it’s matter of the time when someone decide to. In essence, that’s why you need security on WordPress sites. Many people may think that you won’t be a target of hackers. And you’re probably right and the sad reality is if a real hacker is targeting your site, there probably isn’t much you can do. Then why do you need security on WordPress site?

Because of spam / hacking bots…

WordPress is the most popular Content Management System (CMS) with whopping 38% share of all websites in the world. The #2 CMS is Drupal with only 8% usage shows how popular WordPress is. And this is because of simple fact that WordPress is easy to manage. This makes WordPress a #1 target for all spammers because they know every third website they randomly target will be WordPress, making it easy to prepare for an attack. (versus preparing to attack 5 different kinds of CMS)

‘WordPress is as easy as it is vulnerable’

Most of hacking bots’ primary goal is to link their target sites (typically Viagra, porn, or Nike shoes) from your site. And they will do this either by converting all existing link to new link or inject links all over your website. And the worst part is, once you are hacked, you’re most likely entered in ‘vulnerable site’ list and they’ll make your site as their regular target. Whether you Need Security on WordPress or not is not really up to debate if you ask anyone who professionally work with WordPress. It’s ‘HOW’ part that’s debatable. And remember, once you are hacked, there’s not much options to re-take control over your site either. You can go back to Backup copy (given you have it) and hope it’s a safe copy prior to being hacked (remember some malicious codes have dormant period) or you can hire professional to try remove all the malicious, injected codes. And I can assure you, second option will not be quick, easy, nor cheap by long shot.