WordPress + security = true
The White House, BBC and The New York Times have chosen WordPress. If you ask us, that's proof enough that WordPress is secure. But if you need more arguments, here you go.

There's a reason why the world's largest companies and organizations choose WordPress. Because WordPress done right is as secure as anything else out there.
But we understand that it's easy to assume that WordPress - with its open source code - can be more vulnerable than closed, proprietary systems. Fortunately, the reality is more nuanced and far more positive.
WordPress combines ease of use with robust security measures, making it an ideal choice for businesses that value both flexibility and security.
A popular target for hackers
WordPress is the world's most widely used CMS. With a market share of over 60% worldwide, it's undoubtedly a hot candidate to find security holes in, for that reason alone.
WordPress has some of the world's largest organizations and companies among its users. Enormous sites that are guaranteed to be exposed to attacks during their lifetime. There's simply prestige in hacking them. Or their content may be so valuable, or have so much defining power, that it's important for someone to hack them.
Glossary:
Release: Software release that is an update.
Security patch: Security patch that plugs a hole
Penetration test: Attempting to find security holes
Code review: Systematic review of the source code to find errors
Size itself is a threat
Hackers may want to see who the users of the site are, or write and publish erroneous content to shape public opinion. Or completely different activities that directly harm owners, users or other stakeholders.
The size of such organizations in itself is thus a threat. This makes them the main target for data attacks, ranging from data breaches to denial-of-service attacks (DDoS). It goes without saying that security is an absolute necessity for such clients . And they still choose WordPress.
WordPress is making continuous improvements in security
WordPress done right is very secure. Like everything else, it requires knowledge, proper configuration, infrastructure and, not least, maintenance. In the right hands, it's one of the most secure CMS options a website can be built on.
Much is thanks to the WordPress community. The highly engaged network of developers, users and enthusiasts who actively contribute to improving and securing the WordPress platform. So that it keeps pace with the ever-changing threats in the digital landscape.

Don't buy themes in WordPress
There are a few precautions and security tips to take along the way. Weak passwords, lack of updates and bad plugins are the three root causes of lack of security on all CMSs. And you should avoid them. In addition, using two-factor authentication is both easy and very secure.
Read more about two-factor authentication here.
Be very careful with everything you install. Many people fall into this trap, and this is one of the reasons why we at Dekode never buy WordPress themes. We rather create them ourselves. There is too much risk associated with anything you download from the internet - whether it's for WordPress or anything else.
Dekode works actively to write secure code. This minimizes the risk of security threats and makes the code more resistant to attacks. In addition, we are continuously updated on security threats and best practices.
Be careful with plugins
Third-party plugins may contain security holes that can be exploited. These can allow hackers to gain unauthorized access to your website, infect it with malware, or steal sensitive information.
Some plugins are not updated regularly by the developers. Such plugins can become vulnerable to new security threats and cause compatibility issues with the latest version of WordPress.
There are also several examples of plugins with bad code. These can also lead to security issues, performance issues, or conflicts with other plugins and themes on your site.
Dekode's whitelist for plugins is short
If one client of us wish to use a third-party plugin, we must review and approve it prior to use. And we can be completely open about the fact that our whitelist of safe third-party plugins is very short.
We always do a thorough assessment before approving a third-party plugin. Reviewing the code and checking security and performance is important, but we don't stop there. We also thoroughly check who is behind it, how well maintained the plugin is and how many active installations it has. If a single person is behind it, or if the plugin hasn't been maintained for a long time, it shouldn't be allowed into your solution.
Your safety is our number one priority
We often take over the operation of some websites with varying security quality. When this happens, we have good procedures in place. If you are unsure about the quality of your WordPress site, we can do a review and assessment for you. A so-called "code review", in the tribal language.
During a code reivew, we go through the website, replacing plugins that do not pass our security criteria, and the process of cleaning up here is important. Because if WordPress works well, the operating environment will be good.
We have also created a security plugin that scans for updates and installs them automatically on the server. We are now rolling out this service to all existing ones clients , completely free. Other users can buy it from us.
Take security seriously
Keep safety in mind, always and no matter what. That's our best advice. Here's a to-do list of what you need to make sure you have in order:
- Have good quality control of plugins and themes
- Only use secure plugins, our shortlist is very short
- Continuous security updates
- Use Cloudflare for good Ddos protection
- Good quality routines
- Good development routines to ensure that the code is secure
- Continuous monitoring
- We recommend everyone clients to do a penetration test
- Secure passwords
- Use two-factor authentication (2FA)
- Not allowed to publish via WordPress App or other third party apps
- Be aware of what you publish on the internet
- Have a relationship with web security on your own machine
- For additional security, we recommend that you have a web application firewall (WAF)
- All images and downloadable content should be on cdn (content delivery network)
Are you unsure if your WordPress solution is secure enough?
Book a safety review now!
