WordPress: Security

Now that you know what WordPress is, Why you should use it, and why Mr. D studios uses it, we are going to discuss the elephant in the room. Security.

Recently WordPress has been under scrutiny because of the security issues it had with older versions. Many WordPress users actually went unfazed because of regular updating of the WordPress core system through the WordPress admin panel.

The security issue raised it’s ugly head in November of 2014, However, the bug that created the issue was already solved in WordPress 4.0 which released a month before that issue. WordPress 4.0.1 at the end of November 2014 released with updates, but since the security issue didn’t exist, it contained all the other updates that needed fixed.

As WordPress explains rather bluntly in its Release Archive, (where you can get every build back to 0.71 from June 2003)

“none of these are safe to use, except the latest in the 4.0 series, which is actively maintained.”

So why wouldn’t you update the WordPress core?

Analysis of WordPress usage at W3Techs.com shows that only 58% of user updated to 4.0 or better. That means that 42% of  WordPress sites are still running 3.9 or earlier. Leaving them wide open to these security issues.
The Image Below is the table from their site:

Screen Shot 2015-02-06 at 1.23.36 PM

OK, You have updated the core of WordPress and are still paranoid about security. I get that. This is where the Having options is a great Idea. Plugins and third-party  security service are the solutions to those issues.

I recommend the Ithemes plugin,  iThemes Security (formerly Better WP Security) and Sucuri Security.

Ithemes offers Security with their plugin, iThemes Security (formerly Better WP Security). With over 4 Million downloads, this is a very strong choice.

“Themes Security (formerly Better WP Security) gives you over 30+ ways to secure and protect your WordPress site. On average, 30,000 new websites get hacked each day. WordPress sites are easy targets for attacks because of plugin vulnerabilities, weak passwords and obsolete software.”

Themes offers security with regular updates, monitoring, and support if something goes wrong. If that isn’t enough there is a paid pro version. The Pro Version offers another two tiers of features if you really want to put your site on lockdown. Element Themes has written a great overview of the Ithemes Security Plugin here. It is a little time-consuming to set up, but well worth it’s weight.

If plugins aren’t your thing, or you want to stack security of your site, then Sucuri Security is the option recommended by Mr. D Studios. Sucuri is round the clock monitoring of a site. They have partnered with many hosting clients to offer unparalleled security for websites. They have a numerous amount of features including:

  • Professional Security Analysts
  • Malware Scanning and Detection
  • Malware Cleanup
  • Website Blacklist Removal and Repair
  • Repair Dirty Blackhat SEO
  • Security Monitoring
  • Distributed Denial of Service (DDoS)
  • Mitigation
  • Stop Website Attacks and Hacks
  • Malware Prevention
  • Zero Day Response Mechanism
  • Performance Optimization
  • Platform Agnostic Simple Configuration


Well worth $100 a year for any business on the internet.  Sucuri also has a comprehensive support staff to help you plan the best option for you business. If you aren’t sure about your site, you can check at Sucuri Sitecheck can might be the best first step to you owning a more secure website.

There are Mr. D Studios’ recommendations to help you tighten the collar on your WordPress site, and have a better experience owning and maintaining a website. Hopefully This helped to put your mind at ease with the recent security scare with WordPress.

Owner, Author, Designer, Consultant

Dylan “Mr. D” Roush is a graphic design professional with over 6 year experience. Based out of Pittsburgh,  Mr. D specializes in WordPress design, print design, typography and illustration.