• Hi,

    We are researching the top 3 PHP CMS frameworks to move our modx cms sites. I like WordPress v 4.3, but one of my co-workers mentioned that WordPress sites seem to get hacked a lot. This kind of worries me; I was wondering, how secure is WordPress 4.3?

    What can we do to prevent our planned multisite from getting hacked by hackers? How about comparing WordPress 4.3 to Drupal 7 or 8: is Drupal more secure than WordPress?

    Charles

Viewing 6 replies - 1 through 6 (of 6 total)
  • The vast majority of hacks happen from insecure coding in either plugins or themes. There’s only a very small amount from vulnerabilities that are (pretty quickly most times) patched in upcoming WordPress versions.

    As far as security of WordPress vs. Drupal, vs. pretty much any other CMS out there, the security really is going to depend on how well the extra parts are coded up. The core code is all open-sourced, and there’s literally 1,000s of pairs of eyes looking at it for weaknesses, so any vulnerabilities are found and fixed pretty quickly.

    WordPress gets hacked a lot because there’s a huge amount of sites using it, and as much as I hate to say it, the vast majority don’t keep up-to-date with the latest updates. Hackers target older versions as they know where the vulnerabilities are, so the best way to keep secure is to keep the site updated. But then again, that advice holds true for every piece of software out there.

    Having said all that, there are things that you can do to help yourself out. Have a read through Hardening WordPress, and run a good security plugin like Bullet Proof Security or WordFence.

    Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    How about comparing WordPress 4.3 to Drupal 7 or 8: is Drupal more secure than WordPress?

    You can’t; you have to research the response time to security issues and level of community input.

    Having said all that, there are things that you can do to help yourself out. Have a read through Hardening WordPress, and run a good security plugin like Bullet Proof Security or WordFence.

    Definitely. There is a significant difference between keeping WordPress updated to take care of any inherent vulnerabilities discovered and actually securing your site at server level. BulletProof Security covers all of the WordPress-recommended “hardening” and much more (covering the gate and all doors), Wordfence Security does its own special things beyond that, and NinjaFirewall can run out in front of your site to either stop or throttle certain traffic before it ever even gets to BPS, Wordfence and WordPress.

    Thread Starter cyang255

    (@cyang255)

    We have leased a dedicated server, and our vendor has installed a firewall for us. It was so tight that it sometimes even filtered out our own members for invalid login attempts.

    So, I am looking for ideas to secure WordPress to make it harder to hack. Although we are a non-profit organization and do not carry any credit card information, it’s still not fun when your sites get hacked.

    So, any suggestions are very much appreciated. What are the best practices for keeping WordPress as secure as the “Federal Reserve Bank”, LOL

    Thanks.

    our vendor has installed a firewall for us. It was so tight that it sometimes even filtered out our own members for invalid login attempts.

    If you do not already have access to those logs, I would look into that just in case you have more problems as time goes on. In any case, I would still add BulletProof Security and use its recommended permissions along with Wordfence Security for monitoring and throttling traffic as well as scanning files for any changes.

    What are the best practices for keeping WordPress as secure as the “Federal Reserve Bank”, LOL

    Pfft.

    Banks get hacked too, just that they have many full-time staff monitoring and maintaining the security of every part of the systems that they run so most times the attacks don’t penetrate into the core systems. Front-end stuff will get hit all the time, but the behind-the-scenes things keep that from getting to the core systems (most of the time at least).

    You can do that too, but you will need to hire somewhere between 2 and 20 (or more) people to do that sort of job for you. Then you’ll need a whole lot more hardware than just a single dedicated server – probably 3 or 4 servers for the front-end, then a few more for back-end stuff, plus load balancers, firewalls, etc.

    Also remember that no system is un-hackable. No system. The way that we all run with things like this is a very fine balance of security measures vs the cost of getting hacked based on how much we value our site and what data we hold on each site. That’s something that only you can decide, and keep in mind that any decisions will need the budget to back it up.

  • The topic ‘How Secure is WordPress 4.3.x and above’ is closed to new replies.