default WP security

  • Hello,

    From a general security point of view, are most people not concerned with people getting into their WP admin panel or accessing their site (in malicious ways) if only using default WordPress installation?

    Meaning, most people are happy, good, or not concerned with protecting or securing their site, because WordPress core/default code is good or great enough… that it is not a concern?

    You can just put up a new WP site (use all default settings) and have, for example, a membership site and not be concerned about people hacking in (somehow)? All the login and new registration forms are good enough to prevent any issues?

    NOTE: I’m not talking about, if the site owner installs a bad plugin and that plugin creates holes or vulnerabilities in the code. I’m only talking about default WP code.

    So maybe I should stop looking for a problem, that doesn’t exist?

    thanks for your input ??

    • This topic was modified 5 years, 1 month ago by Jan Dembowski. Reason: Moved to Everything else WordPress, this is not a Requests and Feedback topic
Viewing 6 replies - 1 through 6 (of 6 total)
  • Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Sorry, what are you asking for? Are you taking a poll..?

    Thread Starter sayze35

    (@sayze35)

    Hi Jan, no… no poll ??

    My situation/delima…
    If I use current WP site and only use default code/functions/etc to manage users, is my website safe?

    OR do I need “other” precautions, from a software/ plugin point of view, to feel safe?

    note:
    my host is very good, one of the top WP hosting companies.
    we have cloudflare.
    our plugins are minimal, verified, etc.
    our own plugins use default WP core functions, etc. (ie. not writing own code, except for process logic)

    Should we be concerned? Do I extra protection or is default WP as good as it gets?

    thanks

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    >> If I use current WP site and only use default code/functions/etc to manage users, is my website safe? <<

    Yes.

    However I recommend a good security plugin to keep an eye on things, ensure good passwords, and block repeated attempts to guess passwords, etc. I use WordFence on all of my sites. Pick one of the popular ones: https://www.ads-software.com/plugins/search/security

    Thread Starter sayze35

    (@sayze35)

    Thanks Steve,

    Logically, I can believe you on the “yes, default WP is safe”. Is that the majority of people? Is that a very high consensus rate? But looking for facts, assuming they don’t exist?

    On using a security plugin… that opens the door to trust issues, relying on 3rd parties who may or may not be good, etc. etc. Also, not wanting to load up a bloated security plugin that slows or creates other problems.

    Which ultimately, I was asking about default WP security functions. I believe default WP is fast, safe, and works well… but was trying to confirm that in terms of security.

    Thanks

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Your house is secure… if you remember to close and lock the windows and doors, put away your bike in a secure place, etc. It’s in how you use it.

    “Is that the majority of people?” Who cares? In the years I’ve been managing WP sites, I’ve had only one hacked and that was due to a misconfigured server, not to WP. Moving the site to a different host solved it.

    “relying on 3rd parties” Define a 3rd party. Seriously. You mean non-core devs who are putting out plugins? You can trust some, you might look side-eyed at others. That’s when you care more about what the majority of people think. Read the reviews (for the developer’s replies more than the reviews themselves) and the support topics. Does it look like the developer is on top of things?

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Some fun stuff to watch: https://wordpress.tv/?s=aaron+campbell https://wordpress.tv/?s=security

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘default WP security’ is closed to new replies.