WordPress Security introduction
WordPress Security is the main topic of this knowledge base, but first of all, you need to get some basic information about WordPress itself. WordPress is a free open-source content management system software (licensed under GPLv2 or later license from the Free Software Foundation). Based on PHP and MySQL, released by Matt Mullenweg and Mike Little on May 27, 2003 (version 0.7) WordPress made its first debut as a b2/cafelog fork. Since its first release WordPress market share is growing progressively. WordPress has come a long way from blogging platform to the most popular content management system.
By purchasing WooThemes company in the 2015 year WordPress made a huge step into e-commerce market. Hundreds of thousands of online stores now running on WordPress sites powered by WooCommerce plugin. At this moment WordPress is the most popular content management system, and it powers more than 30% of all websites.
Great popularity led to the fact that WordPress sites more often becoming the targets for hacker attacks. WordPress security is gaining more attention lately from WordPress developers. Huge WordPress community makes a great contribution to make the WordPress safer. ThreatPress has the same goal to make WordPress safer. We want to provide a full set of information, products, and services to strengthen WordPress.
Our WordPress security knowledge base made to provide all necessary information, to help you maintain your WordPress websites correctly. We hope that you’ll find answers to your questions relating to the WordPress security. Do not be afraid to ask questions if you do not understand something. Communication helps to solve complex problems and to find all the answers.
Please read all the information carefully. Before making any changes to your website do not forget to make backup copies. If you understand that it is too complicated for you, please contact our support team, and we will help you harden your WordPress or restore and clean it up if it was hacked.
Self-hosted WordPress.org vs WordPress.com
WordPress security starts with the proper hosting choice. It is most important to those who use the self-hosted version of WordPress. Self-hosted WordPress means that you can run it on any preferred compatible server or even on your personal computer if you have cross-platform web server solution stack (Apache and MySQL servers) package like XAMPP. You can download self-hosted version of WordPress from the WordPress.org website.
If you want a quick and free solution to create your site, you can choose hosted version of WordPress on WordPress.com website. For more accurate information you can check this site WordPress com vs org with a complete comparison of those two WordPress versions. All topics in this WordPress security knowledge base is relevant only to the users of self-hosted WordPress version.
Minimal WordPress hosting requirements
There are some minimal requirements to run the WordPress on your preferred server. WordPress recommends this server environment:
- PHP 7 or greater (WordPress can work on PHP 5.2.4+, but it’s not recommended because it may expose your site to security vulnerabilities)
- MySQL 5.6 or greater or MariaDB 10.0 or greater (WordPress can work with MySQL 5.0+ but it’s not recommended because it may expose your site to security vulnerabilities)
- The mod_rewrite Apache module (for safe and pretty URLs, by the way, it’s good for your SEO)
- HTTPS support (yes, you can use your WordPress without HTTPS support, but it’s highly recommended to use HTTP Secure protocol for security reasons).