Don’t Fall for the “WordPress Is Insecure” Argument

People are always drawn to the newest, coolest thing. There’s something irresistible about the latest gadgets, trends or ideas. It’s like a magnet pulling us in, promising something better or more exciting. And when web developers dangle the latest and greatest website platform in front of publishers, it’s no wonder some take the bait and get reeled in. But be warned, the grass isn’t always greener on the other side. In fact, when it comes to WordPress users, it’s proven to be way more beneficial to water the grass right where you stand.


“A lot of web designers and a lot of developers are saying, ‘Don’t use WordPress. It’s insecure. Use ours, it’s a lot better,’” says Joel Pape, CEO and Founder of MediaOS. “But the thing is, people are getting sold on proprietary systems that stop developing because it’s hard to compete with WordPress long term, and then they’re locked into an out-of-date tech platform that they can’t get out of.”


And just like that metaphorical grass you should be watering, you must nurture your WordPress site for it to continue to be successful. This isn’t a “set it and forget it” kind of situation. Plugins need to be kept up to date and security services need to be in place to ensure your site is as secure as possible. WordPress will continue to develop over time – and it will have its hiccups just like any other software – but publishers must put in some work on their end to support the process.


So why does WordPress get hacked from time to time? Well, as the leading website platform that doesn’t require the user to have coding experience, it has more than 60,000 plugins to improve website functionality. They aren’t all going to be good seeds. “Choosing a WordPress plugin is a lot like dating,” said Joel. “You aren’t going to bring all of them home. You must be a little discerning.”


How to Choose a WordPress Plugin

With thousands of plugins to choose from, there is a trick to choosing the most credible ones. So what makes a plugin trustworthy? Nothing in life is guaranteed, but your best bet is to choose those that have been around for a while, have been actively updated and have a high number of downloads and active installs.


Plugins that have been around for a while often have a track record of being reliable and effective. They’ve likely been tested, updated and improved based on user feedback and changes in WordPress itself. Established plugins tend to stay updated with the latest WordPress versions and security patches. Developers of these plugins are often more proactive in addressing bugs, vulnerabilities and compatibility issues.


Plugins with a history tend to have a larger user base and an active community around them. This means there will likely be more online resources, forums and support channels where users share experiences, troubleshoot issues and provide guidance. A more seasoned plugin is more likely to have a stable codebase and offer a wide range of functionalities. These plugins have often evolved to include more features and have undergone refinement based on user needs.


Newer plugins might seem promising, but they also carry a higher risk of bugs, security vulnerabilities, and the threat of being discontinued if the developer loses interest or support. Established plugins are generally more stable and less likely to suddenly disappear. However, while longevity can be a good indicator of a plugin’s reliability, it’s not the only factor to consider. Always check reviews, ratings, update frequency, developer responsiveness and whether the plugin meets your specific needs before installing it on your WordPress site. Sometimes, newer plugins can offer innovative features or better performance, so a balance between reliability and functionality is crucial.
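The criteria in this section (age, update recency, install base, ratings) can be checked mechanically before a plugin goes on a site. The sketch below is an added example, not code from MediaOS or WordPress: the field names follow the WordPress.org plugin information API, while the thresholds, the `vet_plugin` helper and the sample records are assumptions constructed for illustration.

```python
from datetime import date

# Thresholds are assumptions; the article names the criteria, not the numbers.
MIN_AGE_DAYS = 2 * 365          # "been around for a while"
MAX_DAYS_SINCE_UPDATE = 180     # "actively updated"
MIN_ACTIVE_INSTALLS = 10_000    # "high number of ... active installs"
MIN_RATING = 80                 # WordPress.org reports rating on a 0-100 scale
MIN_NUM_RATINGS = 50            # below this the rating says little


def _days_since(stamp, today):
    # Only the leading YYYY-MM-DD is used, so "2024-04-20 2:10pm GMT" parses too.
    return (today - date.fromisoformat(stamp[:10])).days


def vet_plugin(info, today):
    """Return a list of concerns; an empty list means every check passed."""
    concerns = []
    if _days_since(info["added"], today) < MIN_AGE_DAYS:
        concerns.append("new: short track record")
    if _days_since(info["last_updated"], today) > MAX_DAYS_SINCE_UPDATE:
        concerns.append("stale: no recent update")
    if info["active_installs"] < MIN_ACTIVE_INSTALLS:
        concerns.append("small install base")
    if info["num_ratings"] < MIN_NUM_RATINGS:
        concerns.append("too few ratings to judge")
    elif info["rating"] < MIN_RATING:
        concerns.append("low rating")
    return concerns


# Constructed sample records (hypothetical plugins, not real listings).
SAMPLES = {
    "established-forms": {"added": "2012-03-01", "last_updated": "2024-04-20 2:10pm GMT",
                          "active_installs": 500_000, "rating": 92, "num_ratings": 1200},
    "abandoned-slider": {"added": "2011-07-15", "last_updated": "2021-02-03 9:00am GMT",
                         "active_installs": 40_000, "rating": 88, "num_ratings": 300},
    "shiny-new-widget": {"added": "2024-02-10", "last_updated": "2024-05-28 11:30am GMT",
                         "active_installs": 300, "rating": 100, "num_ratings": 4},
}

if __name__ == "__main__":
    today = date(2024, 6, 1)  # fixed date so the sample output is reproducible
    for slug, info in SAMPLES.items():
        print(slug, "->", vet_plugin(info, today) or "no concerns")
```

A non-empty result is a prompt for a closer look at reviews and developer responsiveness, not an automatic rejection, since a newer plugin can still be the right choice.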


Security Services

For some publishers, it might be tempting to host their website on their own server in an attempt to save some moolah. But what most of them don’t know is, to do it right, they’ll have to spend money and resources on contracted developers. “You will spend a lot more trying to do it all yourself, unless you have several million unique visitors a month,” said Joel. “So if that’s not the case, it’s probably not advantageous to self-host because you’ll end up paying it out in people and time. Outsourcing to companies such as Flywheel is highly recommended.”



Flywheel is a managed WordPress hosting provider. It specializes in hosting WordPress websites and offers services tailored specifically for WordPress users. It provides hosting solutions optimized for WordPress sites, including features like automated backups, staging environments for testing, performance optimization, security measures and a user-friendly interface tailored for WordPress management.


“Your entire WordPress admin folder shouldn’t be accessible to the public,” said Joel. “That’s where 90% of all security vulnerabilities happen. So if it’s not accessible to the public web, that takes care of the vast majority of issues. That’s where a hosting provider like Flywheel can help.”



Another security measure that can be implemented is the use of Cloudflare on the frontend of your website. Cloudflare is primarily a content delivery network (CDN) and web security company. It provides services aimed at improving website performance, security and reliability. Its CDN distributes website content across servers worldwide, delivering it to users from the nearest server, which speeds up page load times. Additionally, Cloudflare offers DDoS protection, firewall security, SSL encryption and caching services to enhance website security and performance. “Running Cloudflare on your website is like having a security detail and a performance upgrade all in one,” said Pape.


Look For Staying Power

When it comes to adopting new technology, patience has proven to be key. “We don’t adopt the absolute latest technology that comes out from a programming standpoint or integrations or otherwise. Unless we absolutely must,” said Joel. “We want to know that in two to five years the technology will still be around and updated.”


Joel speaks from experience, using the example of MooTools, a collection of JavaScript utilities designed for the intermediate to advanced JavaScript developer. “Back in 2006, they were quite successful at JavaScript library core programming,” said Joel. “Well, if you chose MooTools right off the bat, you pretty much would have had to entirely rewrite your application two years later because they 100% died off. People wanted to adopt this new concept but should have waited it out a bit.”


Taking a while before jumping on a new technology offers a chance to make a more informed decision. It’s like giving that latest gadget a bit of time to prove itself. By waiting, you get to see how it fares in the real world, what others think of it and any quirks it might have. Plus, it gives the tech a chance to mature and stabilize. Waiting helps you weigh the costs, see if it fits with your existing systems and even gives your team time to get up to speed. It’s about making sure that when you do adopt it, it’s at the right time for your business and with fewer surprises along the way.


“Patience is key,” said Joel. “Being the first to the newest thing is not always best. But you also don’t want to be left behind by waiting too long. You’ve got to wait for a critical mass. And right now, there is no critical mass other than WordPress.”
