Concerned About WordPress Security for Your Bank or Credit Union Website?

Is WordPress a Secure CMS for My Bank or Credit Union?

It’s a question that we are asked frequently, and for good reason – banks and credit unions need to ensure that their sites are never compromised by hackers or other security threats. While we can’t answer this with a simple “yes” or “no,” the truth about WordPress’ security is pretty simple.

Opponents of WordPress often argue that it is more easily compromised because it is an “open source” content management system (CMS). Essentially, this means that the source code is available to developers from across the world, which allows them to build new features and modify code to create customizations. About 1/3 of all active websites are built on an open source CMS, which includes platforms like WordPress, Joomla, Drupal and DotNetNuke. Many core providers use these content management systems to create and maintain FI websites.

All open source content management systems have comparable security. So, why does WordPress have a reputation for being more vulnerable to hacking than other CMS platforms? Well, WordPress alone powers more than 43% of the web, and many people believe that this makes it a bigger target for hackers. The same thought process is applied to Windows operating systems compared to iOS; more computers run on Windows, and hackers who want to cause the most damage would want to build their malicious code to target that operating system.

This logic is correct; WordPress and Windows are both bigger targets. However, they are not actually any more or less secure than their counterparts. Their security is really contingent upon how you’re using them, and the security measures you have in place to prevent intrusions. Since we only work with banks and credit unions, we have a unique insight into the security needs of FIs, which is why we suggest using the following methods to keep your WordPress site secure.

Use a Secure Host

When it comes to website security, regardless of which CMS you choose, your host is one of the most important factors in keeping your site safeguarded. How important is it? Well, according to a recent survey, 41% of websites were hacked through a security vulnerability on their hosting platform! Fortunately, banks and credit unions have unique hosting requirements that will afford you the highest level of protection. Specifically, you need a host that meets SSAE 16-Compliance standards. With a trusted, reliable and secure host that can maintain compliance, you are eliminating a majority of the security risks that threaten your site.

Keep Your CMS Up-to-Date

WordPress employs a team of web security experts and industry-leading developers to research, find and address security issues across the platform. They partner with teams of researchers and security professionals from across the world to ensure that WordPress is protected from vulnerabilities. So, every new version of WordPress fixes new bugs and security issues to help keep sites protected from the latest threats.

However, these security measures are only useful if you keep your CMS up-to-date with the latest version of WordPress; neglecting to update your site could leave a vulnerability for hackers to exploit. When you consider that only 39% of WordPress sites are up-to-date with the latest version, it’s easy to see why WordPress has gotten a reputation for having a lower level of security. Working with an experienced web design partner is a good way to ensure that your site is always updated with the latest version.

Only Use Trusted & Updated Plugins

Because WordPress is an open source CMS, developers can create custom plugins that introduce additional functionality and versatility into each site. Plugins can include anything: dynamic customer testimonials, image galleries, search engine optimization tools, contact forms and much more. There are thousands of plugins available for WordPress, and they are one of the main reasons why the CMS is so dynamically customizable. However, they are also one of the biggest security threats to the platform; according to a leading expert in WordPress security, plugin vulnerabilities account for nearly 56% of known hacking entry points into your CMS.

Anyone can create a plugin that can be installed on a WordPress site, but you should only use official plugins from reputable authors. And, just like the WordPress CMS itself, each of these plugins needs to be updated regularly so that it remains protected against vulnerabilities. Trusted creators release regular updates to their plugins in order to ensure that they cannot be exploited or used as a backdoor into your site. It is advisable to avoid plugins that have not been updated within three months.
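
To show how the update and plugin rules above can be checked on a schedule, here is an added example (not code from this article or from WordPress) that audits a plugin inventory. It assumes the inventory comes from WP-CLI's `wp plugin list --format=json`; the plugin names, the directory lookup table and its timestamp format are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# "Three months" from the article, approximated here as 90 days.
STALE_AFTER = timedelta(days=90)

# Constructed sample in the shape of `wp plugin list --format=json` (WP-CLI).
INSTALLED_JSON = """[
  {"name": "example-forms",       "status": "active", "update": "none",      "version": "5.9.3"},
  {"name": "example-gallery",     "status": "active", "update": "available", "version": "2.1.0"},
  {"name": "example-seo",         "status": "active", "update": "none",      "version": "1.4.2"},
  {"name": "custom-rates-widget", "status": "active", "update": "none",      "version": "0.3.0"}
]"""

# Constructed sample: last release date per slug as an official plugin
# directory would report it (the timestamp format is an assumption).
# A missing slug means the plugin is not listed there.
DIRECTORY_LAST_UPDATED = {
    "example-forms": "2024-05-10 3:12pm GMT",
    "example-gallery": "2024-05-20 9:00am GMT",
    "example-seo": "2023-11-02 8:41pm GMT",
}

def parse_last_updated(stamp):
    """Parse a 'YYYY-MM-DD h:mmam GMT' string into an aware UTC datetime."""
    parsed = datetime.strptime(stamp, "%Y-%m-%d %I:%M%p GMT")
    return parsed.replace(tzinfo=timezone.utc)

def audit_plugins(installed_json, directory, now):
    """Return {slug: [issues]} for every plugin that breaks one of the rules."""
    findings = {}
    for plugin in json.loads(installed_json):
        issues = []
        if plugin.get("update") == "available":
            issues.append("update-pending")      # installed copy is behind
        stamp = directory.get(plugin["name"])
        if stamp is None:
            issues.append("not-in-directory")    # source cannot be vetted here
        elif now - parse_last_updated(stamp) > STALE_AFTER:
            issues.append("stale")               # no release in three months
        if issues:
            findings[plugin["name"]] = issues
    return findings

if __name__ == "__main__":
    as_of = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed date for the sample
    for slug, issues in audit_plugins(INSTALLED_JSON, DIRECTORY_LAST_UPDATED, as_of).items():
        print(f"{slug}: {', '.join(issues)}")
```

Run against a real site, the findings list is what a web partner would review before each maintenance window: pending updates first, then plugins with no recent release or no listing to vet.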