WordPress: is it safe to use for my websites?

http://www.zdnet.com/article/wordpress-is-it-safe-to-use-for-my-websites/

Avid readers of ZDNet have noticed that we ran a number of articles in recent weeks and months about security issues found in the popular WordPress CMS and blogging platform. Even the FBI issued a warning about WordPress sites being vulnerable to hacking by ISIS.

This has raised the question: is it safe to use WordPress? One reader asked me, if WordPress is safe, why there are so many reports about problems? In this article, I'll answer both of those questions.

First, let's talk about what WordPress is. There are two main variants of WordPress. There's the hosted WordPress.com service run by a commercial entity called Automattic. Then there's the open-source WordPress software that is installed and operated by millions of people worldwide.

•••••


Some of the exploits have applied to both WordPress.com and the open-source installations, while others apply only to the open version used by sites across the Internet.

•••••

The key to the question of safety is how you manage your site, given that knowledge.

I mentioned I got hacked a year or so ago. The reason was simple: I set up my site and then ignored it for a few years. WordPress updates very regularly, but until recently, it didn't have an automatic update mechanism. I simply put my sites up and went on with other business.

Bad idea. It would be like installing Windows XP and just letting it be on the Internet.

WordPress can be a very safe environment, but it needs to be managed. The open-source developers are very diligent and patch the code as soon as any vulnerabilities are found.

•••••