Once you get your website secure it’s easy to keep it secure!
It’s a mistake to say “WordPress is insecure.” Yes, it may have once been insecure but then Toyota’s cars once had motorcycle engines! A lot’s changed. David Hayes recently said this very clearly.
It is very common for people who know very little about WordPress to say that it’s insecure. And there’s some reasons from history that this diffuse thought should be honored as holding some truth. But most of the things that have historically made “WordPress” insecure aren’t WordPress, the core software. They’re old websites maintained poorly and with software installed by people not realizing the seriousness of what they’re doing.
The core of WordPress is as secure as any similar tool with its history and vintage could be. Most of the security issues that are found and fixed in it today are pretty obscure and esoteric. They’re not things that are easily exploited on a random sites by a malicious attacker. So if you let WordPress auto-update as it should, you never really have to worry about WordPress itself being insecure.
If you’ve got an older version of WordPress or older plugins and themes then yeah, you might have fundamental security vulnerabilities. But chances are very good it can be solved by… upgrading to the latest version of WordPress. Plus plugins and themes.
Can we help people get their websites up to date? You bet! We like to think of ourselves as the car mechanics… and sometimes body shop… of small business websites. Could you do it all yourself? Sure. Usually. Maybe. But we do it all day long.
You don’t need us to run your website anymore than you need a mechanic to drive you around. But like an auto mechanic we