Someone asked me this very question yesterday. My initial knee-jerk response was: No. You’re not secure. Nobody is secure. Nothing is secure. Everything is impermanent. Relax, enjoy life, have a cookie.
But I didn’t answer this way, because the person asking me was a client, and that probably would not go over well. And really, it’s a good question, one that most everyone with a web site, or in fact any digital assets anywhere, needs to consider. How secure are your files? It can rapidly get quite complicated, but web sites are actually pretty easy to keep secure, as long as your needs are minimal.
For most of my clients, their website is primarily a marketing device. They aren’t maintaining health records or banking accounts, so the security they’re looking for is along these lines: Can someone mess up what’s on my site? This client did not have the latest version of WordPress installed. WordPress has a development blog in the dashboard, and Matt Mullenweg–that’s Mr. WordPress to you and me–had written a thoroughly convincing article pressing WP users to upgrade to the newest, as a recent bug was considered a nasty one. Since the client’s site is still under development, I explained that typically I’m averse to upgrading software in the middle of development, and that when we had started, we were then using the latest and greatest. But far more significantly, we had made a recent backup of both the files on the server and the contents of the database.
Beyond that, what more could we want?