When it comes to a Content Management System (CMS) that is used to run a Website, they are all open to potential vulnerability at some point.  Like anything, it’s just a matter of time before your website is targeted. Almost every website that is live on the internet has been the target of a brute force attack, or targeted attack in its lifetime.  Many of these attacks are intended to expose vulnerabilities within the source code and open a backdoor to retrieve stored data or hijack the website.

It is a common misconception that the CMS’ core code is where most of the issues occur.  It is more commonly the case that a dependency such as a theme or a plugin is the source of the vulnerability.  In many cases, if there are bugs within the CMS’ code, they are fixed within hours of being identified by WordPress developers.   Many other leading CMS providers work in the same way, quickly addressing vulnerabilities as they arise.

While it’s easy to bork at the sheer number of attacks targeting WordPress specifically, when you take into consideration the sheer scale of its presence on the internet, those numbers start to fall into proportion.  

WordPress sites make up an incredible 34% of all website CMS’s that are used worldwide (Source: W3 Techs).  With that in mind, the relative number of breaches per instance is actually much lower than the majority of CMS’.

While you will likely see higher hack rates against WordPress websites, this is nothing to with implicit vulnerability of the platform, but rather a consequence of its popularity.  

As both a free and powerful CMS system, it has a substantially higher uptake of implementation by a vast number of amateur developers. Too often instances of WordPress are deployed by inexperienced developers, who unknowingly set it up without implementing the best practices that are essential to a secure WordPress site.

We have collated a few simple methods to increase security and reduce the vulnerability of WordPress when using as the CMS for your website.  Keep in mind that these are only a few starting points – you should consult an expert when it comes to ensuring the security of your site….


  • Do not use Admin as the admin login, remove the default admin account and replace with a unique username, that will prevent many common brute force attacks which will typically target the admin console of a website and cycle through lists of popular passwords.
  • Remove all the preinstalled themes that are included with a default WordPress installation; these are both unnecessary and are where many attacks are initiated from, as they are typically outdated themes with dormant code that can be vulnerable.
  • Remove your WordPress CMS up to date with the latest patches.  This can be automated or can be done manually. It is best practice to create a backup of the website before doing this in case you need to roll back due to an incompatibility caused by the update.
  • Remove any Plugins that are not required or not in use.  These Plugins tend to be left to become outdated if the Plugin developer does not maintain them.  This often happens with Plugins that are free, unpopular or the original developer has lost interest in the Plugin. A common misconception about deactivating a Plugin and leaving it installed on your WordPress installation is that the code is not active. This is partially true, the code may not be actively performing its function, but is still present on your web server and website, which means it is still vulnerable to exploitation.
  • The best advice for website owners is to use a website development company that offers a monthly maintenance agreement for your website. Making sure that it will have developers spend some time each month, backing up your website and applying patches and updates to the Plugins and WordPress CMS.


It is also worth investing in some security Plugins that can provide additional protection for your WordPress website.  Here are a few suggestions:

  • WP Hide & Security Enhancer (https://wordpress.org/plugins/wp-hide-security-enhancer/) – This is a way to mask the fact that you are running WordPress as your CMS by hiding the WordPress core files, login page, theme and plugins paths from being shown on the front side. Effectively reducing the brute force attacks and attacks that are targeting known vulnerabilities.
  • Wordfence Premium (https://www.wordfence.com/) – This like adding a Firewall directly to your website and also a Malware Scanner, it works to protect your website and keep it safe from know malicious IP Addresses, malware and has default firewall rules that can be activated on installation. There is a fee for the product, and it is annual, but the protection it offers makes it an excellent investment.

These are some simple but effective ways to make WordPress very secure and also deliver an affordable website that takes advantage of the world’s most popular and easy to use CMS, WordPress.

Web Design Davao

dwd our company

Web Design Davao is dedicated to providing professional websites that focused on making your presence on the Internet a memorable one. We understand the importance of getting it right first time and partner with you to deliver your ideas and concepts to the world as the professional website you deserve.

We do not stop there though; we are also online marketing experts that can guide you on your journey.

Our team is highly qualified and has a vast amount of experience in design, development and mobile apps, hosting of websites and online marketing. We have some of the best developers, designers and online marketers in the Philippines and are constantly expanding the team to include even more talent and skills. Our vision is not to just to create you a website, but to create you a beautiful website that drives results.

Located in Davao City, the Philippines we understand that in todays economy the importance of bringing your website to market in the most cost efficient manner and in a truly timely fashion.

Every project is personal to us, and that is how our whole team treats every project.

We are here to take your message and demonstrate your potential on the Internet. Our team of online marketers is here to make sure that you are seen where you need to be on the Internet and are found in popular search engines, thereby increasing your business’s online exposure and converting to increased business for you.

We create websites that drive results….

We Design & Develop

dwd our company
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eius mod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehen derit in voluptate velit esse

Our Goal

dwd what we do

Our goals are simple;

We aim to be the most trusted and innovative web design team in Davao, the Philippines and the world.

We aim to listen to your requirements and concepts, and then make it a reality for you.

We aim to deliver your project on time and on budget, every time.

Our success depends on our customer’s success. So word of mouth is our best tool for new business, so we ensure that you want to talk about us.

While others talk, “We Create Websites That Attract, Engage and Convert!”

What We Do

dwd what we do

We specialize in creating websites, web apps and mobile apps that are scalable, reliable and effective. All of our great designs are enhanced for a seamless user experience to ensure your site is intuitive and easy to navigate, providing the ideal combination of form and function.

At Web Design Davao we understand that your online presence is responsible for sending the first, and most powerful, message about your business. In many cases, it is also an important tool for doing business, whether as an online brochure of your services and products or as an online shop.

We partner with our clients to create websites that delivers innovative, engaging designs that support and enhance their-branding philosophy. After careful consultation with our clients we design and develop custom websites that are crafted to perfection.

Our business is to help our clients transition and thrive online. Using the Internet to grow your business depends on multiple aspects, and at Web Design Davao we have got them all covered. We create beautiful effective and responsive websites, we formulate powerful inbound marketing campaigns and we develop incredible web and mobile applications.

Our breadth of skills and experience allow us to develop custom applications and websites, to launching the marketing campaigns that help them flourish.

Our Services


Your website is an opportunity to impress potential new customers, our proven business-driven approach guarantees it delivers.

We create mobile friendly or responsive websites that deliver your messages no matter where your customers view them and no matter what device they view on. We always put lead generation at the heart of your website development project.


We always look for a solid ready-made solution to solve our clients’ problems. However, sometimes the requirements demand that a custom solution is needed and when that occurs we have the team of developers that can write code to solve the problem and designers to make if look the part.

We have a track record of assisting our clients improve workflows and work smarter and would love to partner with you on your next project.


We create highly polished iPhone & Android apps for start-ups and enterprise clients. At Web Design Davao, we don’t just create apps. We create the kind of apps that people talk about, that they use over and over again.

For us the user experience determines if people enjoy or fight with your mobile app. Our collaborative design approach works with your business goals, user requirements, and technological landscape to design an intuitive, functional experience for your mobile app.


Online Marketing consolidates Search Engine Optimization, social media marketing, blogging and everything in else in between, allowing your website to be optimized to get noticed and generate leads or referrals.

We only use safe and recommended methodology of engaging, closing, converting and entertaining your websites visitors.

Our role is to guarantee that your website delivers value to your business.


We offer business grade hosting for your websites and web applications on our enterprise infrastructure that is housed in some of the worlds most secure Data Centers.

We have web hosting available in Australia, London and Singapore to provide our customers an option that is close to where their viewers are located.

Contact us today and find out how we can be your end to end online partner.