For the most part WordPress is a good option for your web site. With its extensive repository of themes and plugins WordPress provides site owners with many options for design and content. Also, the fact that WordPress is built on php and MySQL, two open technologies with large developer bases, site owners can leverage a high-level of customization. But, in spite of all the good things, WordPress site security can be a significant challenge.
Because of the structure of a WordPress install plus the fact that most sites employ a theme and multiple plugins, a significant quantity of executable code can be exposed to the web browser creating exploitable opportunities for attackers and automated botnets. These botnets are particularly dangerous because they ping web sites looking for WordPress installs then they continuously try exploits in an attempt to gain access to the site or to upload malicious code. I have several clients with high SEO ranking sites that are constantly targeted by automated attacks, sometimes receiving thousands of exploit attempts a day.
Fortunately there are a some WordPress site security steps site owners can take to make their site less vulnerable to attack.
Posted by Dave Feltz, Software Developer