Is WordPress Secure? A comprehensive data analysis by Kinsta.

Avoca Web Design mountains image small

Security is the number one concern for most website owners these days. A hacked website can lead to lost traffic, downtime and expensive cleanup costs. WordPress powers a huge proportion of the websites on the internet so naturally it is a target for hackers. So is it really secure?
Kinsta, a wonderful managed WordPress host (whom we use for some of our hosting needs), have tried to answer this question by diving into data collated by security firm Sucuri. Click the article link below to read their comprehensive look at the numbers.

TL;DR, the key takeaways from this Kinsta article are:

Kinsta come to the conclusion that

While no content management system is 100% secure, WordPress has a quality security apparatus in place for the core software and most of the hacks are a direct result of webmasters not following basic security best practices.

Here are the key factors to consider for WordPress website security

  • Use a good web host: You need a fast, secure, WordPress savvy website host that implements industry best practices. Cheap web hosting may seem like a win for the wallet, but you might be exposing yourself to more issues down the track.
  • Keep everything be up to date: Yes, WordPress is quite secure if both the core WordPress platform and any plugins and themes installed are up to date. Only 62% of WordPress websites are running the latest version, clearly many website owners need to consider more regular updates.
  • Have strong WordPress login passwords: Having an easy to guess password really does expose both your website user and the whole website to potential problems. (Read our article on creating strong passwords)
  • Use high quality plugins and themes: Plugins are the bits that give your website functionality (an events calendar, a page builder, a shop). Themes create the basis for your website design. These need to be from reliable sources and the code should be current.
  • SSL Certificate: Make sure your host provides an SSL certificate for your website. Google is now giving preference to websites with SSL certificates (the little green lock icon in the URL bar).

We encourage you to ready the full Kinsta article, it’s really good 🙂
PressLabs Blog also has a good article on A No-Nonsense Guide To WordPress Security: Doing The Things That Matter which talks about similar things.

Our own experience with WordPress

Avoca Web Design have not had a WordPress site that we fully manage, hacked yet. This is despite our security tools blocking over 16,000 hack attempts of various kinds across all our sites in a calendar year. We do follow best practice and we are very very careful about the hosting providers that we chose to work with. We update plugins and themes regularly and make sure all WordPress core updates are implemented when they are released.  This has paid off and allows our clients (and Avoca.Design) to enjoyed secure, hack free websites as a result.

We can help your website too

Here is an article on what we can do to help keep your website safe online.
Talk to us about our secure managed website care packages and how we can get your website safe and fast by taking care of all the little details.
Reach out to us at

Brendyn Montgomery

Brendyn is the manager of Avoca Web Design, a keen trail runner and an accomplished and award winning musician.

Related Posts