WordPress.org

Ideas

Default Plug-In Security

  1. nickfromseattle206
    Member

    Many small businesses using WordPress end up paying $200-$300 a month to an agency like us for plug-in security.

    This increases the TCO of WordPress making it more expensive than other frameworks.

    I think adding security would benefit everyone from business owners, to their users who are no longer at risk from hacked sites.

    Posted: 9 months ago #
  2. Ipstenu (Mika Epstein)
    Administrator

    WordPress handles as much security as it possibly can. It's the plugins and themes that are complicated.

    Posted: 9 months ago #
  3. hayksaakian
    Inactive

    A few of my websites were hacked because they used plugins which I forgot to update.

    For example, I forgot to update Gravity forms and they were able to get into my site because of a known exploit.

    Is there some sort of system to 'auto update' plugins?

    Posted: 9 months ago #
  4. Ipstenu (Mika Epstein)
    Administrator

    Yes.

    https://codex.wordpress.org/Configuring_Automatic_Background_Updates#Plugin_.26_Theme_Updates_via_Filter

    And many plugins will help you refine that. The PROBLEM is that WordPress doesn't control plugins and themes like they do core, so it's more likely to break your site with a plugin update than a core update :/

    Posted: 9 months ago #

RSS feed for this topic

Reply

You must log in to post.

  • Rating

    12345
    0 Votes
  • Status

    Sorry, not right now