WordPress – security issues

As a developer of WordPress themes and plugins, we are always faced with the challenge of making websites safe from hackers without sacrificing features. Just if you do not want a 08/15 solution but a custom adjustment, this point becomes elementary.

If you are interested as a web page operator, it is always necessary to inform you about the possible types of attacks beforehand. Make your homework and bring your knowledge up to date.

For this purpose, we publish a series of contributions, such as brute force attacks, SQL injections and DDoS hacks.

Regardless of what an agency like ours can do for your site security, you too can contribute significantly to the website security of your WordPress system.

Through our work with WordPress in cooperation with onlineshops, mobile apps and other in-house systems we have dealt with this topic in detail. Thus, the three most common factors that make WordPress pages vulnerable can be identified. Most hacks occur because of the following weaknesses:

  • Weak coding for themes
  • Plugins that have security gaps
  • Incorrect server settings by the provider or by WordPress itself

The good news is that the solution for this is relatively uncomplicated and can go very fast.

For companies and agencies we can say from experience, one must not underestimate that it requires constant monitoring. The system should be fully checked at least 24h every day. Although leading providers such as World4You and 1 & 1st security checks, so you should not put everything in it.


From experience, we can give you the following tips:

Perform regular backups of the entire system (Caution: Files and Database!)
Always update your system first in an encapsulated environment, and check your page for a comprehensive set of functions before you touch the live system
Monitor your server and your WordPress installation (at least every 24h)