WordPress Is Now Safe for Bank and Credit Union Websites
Updated: October 2021
WordPress is the most popular blogging platform on the web today. WordPress is one of the easiest platforms available for beginners to pick up and use with no programming experience. It fulfills its core purpose remarkably well! WordPress used to pose a grave security risk for banks and credit unions, but by combining recent improvements to the code with 20+ years of developing reliable security strategies, we can now comfortably recommend WordPress as a CMS for bank and credit union websites.
WordPress is Popular. Does that Mean it is Good?
WordPress is the most popular CMS on the internet and commands a large percentage of market share among banks and credit unions. Does its popularity mean it is the best? Or even good?
Good is subjective. A thing is good when it perfectly serves the purpose for which its creator designed it. For example, a cup that has a hole in the bottom is not a good cup! On the other hand, a cup that holds liquid, fits nicely in a person's hand, and allows drip-free drinking is a good cup.
WordPress was designed first as a blogging tool. For blogging, WordPress is good, because this is what its creators designed it to do. WordPress has evolved into a more robust tool that designers and developers can now use to create much more sophisticated websites, like those most banks and credit unions require today.
Banks often require sophisticated interactive functionality, like forms, calculators, product comparison tools, videos, and social media integration. Bank websites are large, with hundreds of pages and categories of information. Most importantly, bank and credit union websites must be secure. Customers expect their financial institutions to use technology that is bulletproof and built with security and enterprise-class reliability as a primary design concern. WordPress used to fail miserably in these categories, but that is no longer the case. Through a plethora of plugins and specialized, hardened secure hosting for banks using WordPress, it is now a viable platform for bank and credit union websites.
Impenetrable Websites are a Myth
No website platform today is immune from attack. Any realistic conversation about website security must first begin with the acceptance that creating an impenetrable website is not a realistic goal. The only completely secure website is one that isn’t connected to the Internet or the power outlet. Once you’ve accepted that fact, then you’re prepared for a realistic conversation about website security. Today, with proper configuration, proactive system administration, and specialized hosting, WordPress can achieve a reasonable level of security to serve the needs of banks and credit unions.
Security as a Mindset
A realistic goal for any bank or credit union regarding website security is to make itself a less attractive target than the other potential victims on the Internet. The best way to do this is to place enough hurdles in front of attackers to make the level of effort required to hack the site greater than the reward.
When creating highly secure websites (or any software), developers must bring a security mindset to their work. Developers begin thinking about security before they write a single line of code. Security-minded developers constantly evaluate every architecture decision to identify security weaknesses and the countermeasures that eliminate each weakness. We approach WordPress website development with security as a key objective from the beginning, with continuous attention throughout the entire lifecycle of the website, including post-launch. This provides a high level of security assurance to banks and credit unions using WordPress, while allowing them to take advantage of the significant cost savings the platform offers.
What We Like About WordPress
WordPress began life as an improvement to an existing open source blogging platform that had gone stale. The developers who first contributed to WordPress had a mission of creating an easy-to-use blogging platform that adhered to then-current web standards. They wanted other developers to be able to easily extend the functionality of the product by building plug-ins. WordPress has achieved these goals exceedingly well! There’s a lot to like about WordPress, including:
- It’s easy to learn how to use
- It’s free (well, sort of)
- Many ready to use themes are readily available for users who cannot afford a designer or don’t have design skills of their own
- There are ample community resources available to help people learn and use WordPress
- Thousands of developers worldwide have contributed millions of hours of their time to build and support the product. WordPress is a stellar example of open source effort.
How Do We Improve the Security of WordPress for Banks?
Bank and credit union websites built on WordPress require very specific extra configuration and security layers to make the platform optimal for banks and credit unions to use. We have built a secure WordPress hosting platform that is uniquely designed to meet the FFIEC, FDIC, NCUA, and NIST security recommendations that banks and credit unions require, including:
- Password complexity customization and enforcement
- Automatic password expiration policies and enforcement
- Automatic account lockout policies to mitigate brute force attacks
- Change auditing & versioning to track all changes made to text, graphics, design elements, attachments, and other website assets
- Ability to restrict access to login pages and administrative areas of the website by IP address
- Audit logging of all actions users perform while inside the management area
- Database encryption for stored data collected through web forms
- Intrusion prevention systems that stop attacks before they reach the web server
- Web application firewalls to prevent DDoS, brute force, and SQL injection attacks
- Automatic and real-time record retention that captures screenshots of every page in the website as soon as changes are published. Records can be stored for up to 7 years.
Need a Secure WordPress Site or Hosting? We Can Help.
One reason so many WordPress websites are successfully attacked is that the site owners do little to mitigate the inherent risks in WordPress. WordPress sites are often hosted on non-hardened servers with minimal or no firewalls in place, with many settings left at defaults, and no additional protections in place to prevent common attacks.
If you want a new website built on WordPress or are already running a WordPress site, we are the experts who can help banks and credit unions use and host WordPress safely. You can reach out to us and we can help you directly, or we can give you advice to help yourself.