WordPress releases a new version with the upgrades every 3-4 months. No other content management system can catch up with this speed. It means that there is a big team behind the game. Every release has a lead who is a top notch developer and he has a team of more than 200 devs working on the upgrades. With these updates, the core team tackles the issues and some new features are also added every time. The core team remains connected with the community through the beta releases. Therefore, a release does not just depends on the core team, but on the whole WordPress community.

Questions on WordPress security have been raised several times. Brute Force Attack and vulnerabilities are common with WordPress. Most of the developers to whom I posed a question on security of WordPress were concerned about the security of the CMS.


There are thousands of plugins and themes registered within the WordPress repository. The giant WordPress companies update their plugins right after every new release. Actually, it is necessary to update your websites with every new version of WordPress.

One of the basic chances you can create for the hackers to attack your WordPress website is to run outdated plugins and themes. And the products that aren’t active may lose their customers soon. WordPress forces its users to update to the latest version by culminating the support for the previous version. But, unfortunately many WordPressers do not upgrade. This eventually results in hack attacks on the websites and databases.


Hosting with shared servers is one of the biggest reasons for the increasing number of these hack attacks. Bots tend to look for open ports to enter and attack the servers. If you have a weak password and bots crack them, it is not only harmful for you, but also for those who have hosted on the same server. Keeping each site on server secure is very important.

When giving access to the customers, these hosting agencies should ensure to keep an eye on their activities. There are several plugins available for making the website admin secure. It is also recommended to use two-factor authentication.

Also read: Think twice before ignoring these 3 WordPress security tips


Sometimes we can control the security of WordPress through easy steps. All these experts explained it beautifully. I am summarizing the steps in few tips:

Choose your WordPress host wisely.
Always keep backups of your work.
Keep your WordPress, plugins, and themes updated.
Use two-factor authentication at WP backend.
Use strong password for login.
Use the recommended security plugins like VaultPress, WordFence, etc. to avoid attacks.
What are your common practices to secure your website? Tell us in the comments below.

About the author: Waseem Abbas is a WordPress Community Manager at Cloudways. He has a knack for exploration. Whenever he explores a WordPress trouble, he tries his best to solve it. He is also a food explorer and travel lover.