If you follow WordPress topics on Quora, you may have noticed a popular question making the rounds regarding security. The question has been viewed more than 30,000 times:
“I am powering a bank’s website using WordPress. What security measures should I take?”
Ordinarily, such a question is a magnet for trollish responses and uninformed WordPress bashing. However, this time Quora users were delighted to find that Matt Mullenweg, co-creator of WordPress, dropped by to offer an answer to the question.
Following a barrage of anti-WordPress remarks from other users, Mullenweg chimed in to clarify how WordPress can be used successfully in the banking industry.
“I agree there’s probably not a ton of benefit to having the online banking / billpay / etc portion of a bank’s website on WordPress, however there is no reason you couldn’t run the front-end and marketing side of the site on WordPress, and in fact you’d be leveraging WordPress’ strength as a content management platform that is flexible, customizable, and easy to update and maintain.”
He follows it up with two simple tips for keeping WordPress secure: making sure the software is updated diligently and using strong passwords for all user accounts. Mullenweg also solicited examples of WordPress-powered bank websites on his post highlighting his Quora response, and several commenters provided links to their work.
WordPress is often singled out for security concerns, given its high profile and dominant CMS market share. The platform is also regularly the target of hackers looking to maximize the return on their efforts. According to Mullenweg, WordPress’ security boils down to how you deploy it:
“As the most widely used CMS in the world, many people use and deploy the open source version of WordPress in a sub-optimal and insecure way, but the same could be said of Linux, Apache, MySQL, Node, Rails, Java, or any widely-used software. It is possible and actually not that hard to run WordPress in a way that is secure enough for a bank, government site, media site, or anything.”
In other words, the security of a WordPress-powered banking website depends entirely on whether or not its developers have the necessary security expertise to manage the technology in a responsible way.
Even with all of the negative reactions to the Quora question, the other answers are important to consider, as they offer a window into how people perceive WordPress. Battling negative perceptions about security is one of the biggest challenges facing the platform today.
The recent rash of security vulnerabilities popping up in some of WordPress’ most popular plugins has exposed the need for better education on basic security measures, such as regularly updating your software. Hopefully, a few words of clarification from the project’s co-founder can go a long way towards building consumer confidence.