Is WordPress Secure for a Utility Website?

Why WordPress?

One of the questions that we often get asked is: Why do you use WordPress?

Here’s the simple answer: WordPress dominates the internet.

One of the most common misconceptions about WordPress is that it is just a blogging platform. However, WordPress is much more. The robust content management system (CMS) is merely the foundation of Powerful’s website development. The Powerful platform is so much more than just a website built on WordPress. Our team of trusted web experts have developed countless features to meet the needs of electric cooperatives and consumer owned utilities around the country.

Without any web development or coding skills needed, anyone has the capability to easily update a Powerful website with ease.

WordPress By the Numbers

WordPress is the internet’s most popular content management system. The user-friendly CMS powers nearly half of the internet all together.

  • 43% of all websites on the internet run on WordPress. That’s about 35 million sites using WordPress.
  • 64.3% WordPress’ CMS Market Share

To put WordPress’ market dominance into perspective, take a look at their rival, Drupal.

  • 1.2% of all websites on the internet run on Drupal
  • 1.8% Drupal’s CMS Market Share

It’s clear that WordPress’ versatility and ease of use makes it the most popular CMS choice.

Trusted by Many

WordPress users can feel confident in trusting WordPress as a secure platform. The WordPress Security team includes 50 experts of lead developers and security researchers who regularly collaborate with other security teams to solve complex and widespread security issues. If any issues do occur, WordPress facilitates responsible disclosure processes where reported issues are verified, resolved, and released.

Since its inception in 2003, WordPress has undergone continual hardening so its core software can address and mitigate common security threats, including the Top 10 list identified by The Open Web Application Security Project (OWASP) as common security vulnerabilities.

The WordPress Security Team often collaborates with other security teams to address issues in common dependencies, such as resolving the vulnerability in the PHP XML parser, used by the XML-RPC API that ships with WordPress, in WordPress 3.9.2. This vulnerability resolution was a result of a joint effort by both WordPress and Drupal security teams as it effected Drupal as well.

WordPress is used to host a variety of sites. From blogs to eCommerce stores to global businesses, this platform is favored among many site developers. Some of the most respected websites in the world utilize WordPress like In the Utility Industry, NRECA’s own and Wilco’s cooperative also use WordPress. All websites successfully connect with its website visitors through the power of WordPress.

Powerful Security

Powerful’s team of trusted web experts have a remarkably effective approach to keeping websites safe and secure. With website security and monitoring, maintenance, licensing, and support, you can trust that your important information will be kept safe.

Powerful employs an advanced firewall and intrusion detection system. This system performs automatic blocking when repeated attempts to gain entry to the system are detected. There are also regular scans of the filesystem for file changes and/or irregularities.

Here at Powerful, we are all about being proactive. We operate with the expectation that there will be a security issue at any given time in the future. Whether it be due to an unforeseen exploited security hole or another issue, Powerful is prepared with a recovery plan. With a high level of observability into the day-today inner-workings of the Powerful platform, we can serve our clients with great attention to detail. Thus, we operate from a position of proactive engagement rather than a position of unexpected chaos if/when an issue occurs. This perspective allows our team to assess the urgency and seriousness of the issue to move forward accurately and effectively.

Premium Security Benefits

Powerful offers a set of security-first features that help organizations maintain a secure WordPress website on the Powerful platform.

Some notable features include:

  • Content editor password checks against known password exploits
  • Enablement of real-time IP blacklist and malware signature updates
  • Automatic blocking of out of country traffic with particular emphasis on adversarial nations
  • Live traffic viewing, logging, and monitoring
  • Inbound traffic rate limiting
  • Web form quarterly data audits, collaboration with staff to implement data retention best practices
  • Strong password required
  • Login enabled two-factor authentication
  • Implementation and continuous support of DNS management with Cloudfare CDN (optional, no additional charge)
  • Implementation of secure fields integration to web forms, automatically redacting sensitive date (PII) in CMS email delivery
  • Military grade encryption of sensitive data (PII) within web form fields in website back-end database
  • Full compliance and annual OWASP Application Security Verification Standard Audit
  • Automatic quarterly password reset
  • Remove user role after inactivity within 180 days with a notification

Exceeding Expectations

When answering the common question, “Why do you use WordPress?”, Powerful’s team delights in the benefits of the software. As the foundation of Powerful’s website development, WordPress gives anyone (tech savvy or not) the confidence to manage and edit a website with ease.