WordPress security shouldn’t be taken lightly. When your entire livelihood is online, you should be taking every measure to make sure your site is safe.
No one knows the state of WordPress security better than Sucuri co-founder Dre Armeda. Two years ago, Armeda left the company to pursue other things. Now he is back and just as passionate about web safety as ever.
After being gone for two years, Armeda has fresh eyes on the industry and believes the way forward is to use external services.
“If there’s already traffic on your site it’s too late. You need to stop thinking beyond the scope of your server,” he said.
While plugins and strong passwords are necessary and will work to keep your information safe, they aren’t fail-safe options. It’s more important to catch any traffic that comes into your site. Even if you are experiencing a DDoS attack, they won’t make it by the first line of defense.
Another factor in making the web more secure is education. The more people know about their security, the more they will be able to protect themselves. Automatic updates have made it easier to stay up to date. Now developers don’t even have to think about when a dot release is coming up or if a plugin has a big security breach. Everything is done automatically.
Though that is a big win, there is still more to be done. People need to evangelize security and make sure they are really taking it seriously. As Armeda said, the same list of security tips has been floating around for years, but the landscape is changing. The list should change too.
“I want people to be more proactive. As a company we’re messaging that and there are options beyond hoping,” Armeda said.
So what does the future of WordPress security look like? For Armeda, it’s cloud-based options.
“It’s a complete shift in how people think right now. So groomed to say just throw a plugin in it, it will work,” he said. “That’s a bad way to just leave it. It’s not the worst thing. It will give you awareness of some of the things that are going on. Need to start thinking beyond that and third party services.”