How to stay on top of WordPress security issues

Products mentioned
Diligence and education

This article was originally published on Oct. 19, 2016, and was updated on Aug. 30, 2018, and Sept. 9, 2019. 

Getting online as a small business owner has never been easier. However, there are still a number of online security issues that tend to cause alarm for site owners taking their first steps into a wider digital world. Today, let’s take a look at WordPress security issues.

We’ll help you steer clear of unnecessary panic, and put the concept of WordPress security vulnerabilities firmly in context.

By the time you’re finished reading, you should have a clear picture of the current state of play, and a solid list of links to help you stay on top of WordPress security issues going forward. However, before we dive into the detail, let’s put the good news front and center.

WordPress has never been more secure as a software solution.


Though there’s no denying that we’ve seen our fair share of WordPress security problems in the past, the platform as a whole is in better shape security-wise than it’s ever been.

Hard lessons have been learned by the community, and despite its ongoing attractiveness as a target for bad guys, the number of show-stopping WordPress security risks have plummeted over the last few years.

A panel of industry experts watch over the platform’s core; release cycles are stable and regular, and security best practices are firmly established for developers across both themes and plugins. In addition, the hosting community has also radically upped its game in terms of security over the years.

Large about of locks on wall
WordPress is an increasingly well locked down platform.

Standard procedures for keeping safe as a WordPress site owner are also now widely understood.

All that said, it remains worth your while to regularly keep up to speed with security issues and developments in both the platform’s core and the wider ecosystem of themes and plugins. Let’s move on to look at the best places to stay ahead of WordPress security problems.

Recent security developments in WordPress Core

As we noted above, these days the core of the WordPress platform is in remarkably good shape security-wise. Security and maintenance releases are regularly rolled out to seal off newly identified WordPress security risks, and you’ll be notified in your admin of their arrival automatically.

Needless to say, it’s highly recommended that you upgrade as soon as possible when these roll around.

As a site owner, you don’t necessarily need to investigate all the details of these security releases, but it’s no harm to keep abreast of things by regularly checking in on the security category of the main WordPress blog. Here you’ll find handy listings of security-related releases going all the way back to 2005, along with breakdowns of the WordPress security vulnerabilities addressed.

WordPress Security Category Archive

Take a quick browse through individual releases to get an idea of the amount of behind the scenes heavy lifting that’s regularly going on to keep site owners safe.

Related: Top website security posts by Sucuri 

Stay up to speed with security news from the wider WordPress world

At this stage in the platform’s development, themes and plugins represent substantially wider WordPress security issues than anything to do with WordPress core.

As a site owner, you’ll need to do your due diligence when choosing both and regularly update them when prompted.

Related: How to update WordPress like a pro

It’s also well worth being proactive and keeping an eye on wider security news to stay in the loop.

The gold standard here in terms of expert information is set by the good folks over at Sucuri. In addition to providing best-in-class WordPress security plugins and detailed quarterly online security reports, they also provide bang up-to-date security news on theme and plugin vulnerabilities via their excellent blog.

A combination of keeping your ear to the ground via authoritative sources such as Sucuri and WordPress Tavern, and diligently updating themes and plugins, should help you largely steer clear of WordPress security problems.

Stay current with WordPress security issues

Security is always going to be a concern for responsible WordPress site owners, but it needn’t be a cause for terror. The reality is that the platform as a whole has made enormous strides in terms of security over the years, and is now firmly positioned as one of the safest platforms out there.

Stick to the following basics, and you should be sleeping soundly as a site owner well into the future:

  1. Select a hosting provider that’s proven to go above and beyond with security.
  2. Pay attention to standard WordPress security best practices.
  3. Always keep WordPress core updated, and check in on related security news.
  4. Keep your themes and plugins current, and review ongoing expert information from sources such as Sucuri.

Editor’s note: Are WordPress security issues a particularly pressing concern for you as a site owner? Want an additional method for minimizing WordPress security risks? Consider adding GoDaddy Website Security to your arsenal. Keep your site malware-free with no-hassle protection and monitoring.

Image by: Ervins Strauhmanis via / CC BY