Open source software like WordPress has a reputation for beingless secure than closed source, and that’s not necessarily true, according to cybersecurity firm SiteLock president Neill Feather.

TechRepublic’s Dan Patterson met with Feather to discuss simple solutions to keep websites powered by WordPress safe from hackers.

“The reality is cybercriminals are business people,” said Neill Feather, SiteLock president. “They’re attracted to financial rewards.”

The more popular a content management system (CMS) is, the more likely it is to get attacked, he explained. WordPress powers over 74 million websites, meaning these sites are more likely to get attacked not because they are insecure, but because they are all powered by the same CMS.

SEE:Cybersecurity in 2017: A roundup of predictions(Tech Pro Research)

“The great thing about WordPress is that it has this plugin ecosystem that allows you to do a lot of great things very quickly,” he said. “On the flip side, the innovation there is sparked by a very large community of contributors.”

Feather suggests for WordPress users to know the source of the plugins they plan to use. Users should research who maintains and owns the plugins, and know how often the plugins are updated. Many of the vulnerabilities that get introduced are from outdated software and plugins are a weak entry point, he said.

WordPress users should also be proactive about their website security, and run proactive software that can automatically keep their software up to date.

Also see: