Is WordPress Secure?

Security is a complex topic. There are many different ways a would-be hacker can compromise a website. Often the server on which WordPress is installed has been compromised. In a shared server environment this can lead to many websites being “hacked”. This can be hard to detect, and hosting companies often will not disclose this kind of information because it affects their reputation.

The most common reason for a WordPress site being “hacked” is an outdated version of the software. With version 3.7 (currently 4.3.1) came automatic updates. WordPress has settings that allow you to choose what level of automatic updates you will allow.

There are four levels of automatic updates:

  • Core updates
  • Plugin updates
  • Theme updates
  • Translation file updates

“By default, every site has automatic updates enabled for minor core releases and translation files.” WordPress codex.

For people who are not comfortable editing the config.php file in a WordPress install, it is best to install a plugin that makes changing the settings easy. The plugin I use is called L7 Automatic Updates. It is a free plugin that provides all the options a regular user would want to use.
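For readers who do set this by hand, the four update types map onto one constant in wp-config.php and three filters. The sketch below is an added example, not code from this post or from the plugin mentioned above; the file name auto-updates.php and the plugin slug in the hold-back list are assumptions made up for illustration.

```php
<?php
/**
 * Plugin Name: Auto-update policy (added example, hypothetical file name)
 *
 * Save as wp-content/mu-plugins/auto-updates.php. The filters below cannot
 * be registered in wp-config.php, because add_filter() is not loaded yet
 * when that file runs.
 *
 * Core updates are controlled separately by a constant in wp-config.php:
 *   define( 'WP_AUTO_UPDATE_CORE', true );     // all core releases, including major
 *   define( 'WP_AUTO_UPDATE_CORE', 'minor' );  // minor (security/maintenance) releases only
 *   define( 'WP_AUTO_UPDATE_CORE', false );    // no automatic core updates
 */

// Translation files: already on by default; stated so the policy is explicit.
add_filter( 'auto_update_translation', '__return_true' );

// Themes: off by default; turn automatic updates on for all themes.
add_filter( 'auto_update_theme', '__return_true' );

// Plugins: off by default; update everything except plugins that need
// manual testing before each upgrade.
add_filter( 'auto_update_plugin', function ( $update, $item ) {
    // Constructed placeholder slug, not a real plugin.
    $hold_back = array( 'example-shop-plugin' );

    if ( isset( $item->slug ) && in_array( $item->slug, $hold_back, true ) ) {
        return false; // leave this one for a manual update
    }
    return true;
}, 10, 2 );
```

Any plugin held back this way still has to be updated manually when a security release for it appears.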

With your site automatically updated to the latest version of WordPress, your website is secure. When the next bug release or security flaw is discovered, your site will be protected as soon as the patch is released.

WordPress is an open source project, which means that the code that runs it is freely available to be scrutinized by everyone. At first this may seem like a bad idea because you are exposing the inner workings of the system to would-be hackers. But it has been proven that this kind of exposure lets the code be inspected by many, many people who can and do report their findings to the WordPress organization, which creates a patch and can deploy it in a matter of hours.

~ Layer7web
