Is WordPress secure enough for a multi-user article directory?

WordPress is only as secure as you make it. Open registrations should not be a problem if you:

  1. Use CAPTCHA for registrations.
  2. Use double opt-in: have users verify their email after they register. By default, registered users must be subscribers and after they are verified, you can set them as authors.

WordPress users cannot by default hack/destabilize the installation. Your main concern would be external hackers. Use all the hardening that you can and be wary of upgrading WP.

There are many websites that trust WP for such a setup. I think http://net.tutsplus.com/ also uses WP – very effectively too. 🙂

Related Posts:

  1. Only allow administrators and editors to access wp-admin
  2. Only allow administrators and editors to access wp-admin
  3. Restrict Author role to only 3 wp-admin pages
  4. Logout USER form backoffice after 30 minutes of inactivity [closed]
  5. define two login page url
  6. How to check if a user is in a specific role?
  7. Can I rename the wp-admin folder?
  8. How to prevent access to wp-admin for certain user roles?
  9. Check if user is admin by user ID
  10. Restrict admin access to certain pages for certain users
  11. What is the best method to close off the backend?
  12. Change Login URL Without Plugin
  13. Share same domain for wp-admin but for different website
  14. Securing wp-admin folder – Purpose? Importance?
  15. Can I rename the wp-admin folder?
  16. create users to site with specific language
  17. Prevent from deleting any user role but subscriber
  18. Set “Display name publicly as” to be usernames by default
  19. What is the capability that permits access to WP-Admin?
  20. Options for restricting access to wp-admin
  21. Moving wordpress from localhost to server throws admin panel access error?
  22. How to get the password and username of the add new user form (admin back end) in wordpress
  23. Displaying which Role the current user is assigned to
  24. How to change “wp-admin” to something else without search-replacing the core?
  25. 500 Internal Server Error after Register dialog, but with successful registration
  26. Is there a way to set the user Role based on email domain
  27. How to hide a specific user role option in a user role list?
  28. How to customize wp_signon()
  29. Adding HTML/Text to Top of Subscriber’s Profile Backend Page
  30. Block access to wp-admin
  31. Custom role based users are not able to access wp-admin
  32. Restricting access to content
  33. Change WP-Login or WP-Admin
  34. How to inhibit dashboard and profile management access to normal users?
  35. Should I add the IP of the server that hosts my sites to the list of authorized IPs in the wp-admin/.htaccess?
  36. Custom roles showing HTML entities in title form field
  37. Users Unable to Access Dashboard/Posts/Pages
  38. FORCE_SSL_ADMIN not working
  39. Can’t access WordPress as an admin – but I can log in as a user!
  40. Limit access to wp_admin
  41. Redirect non-admin users away from wp-admin/index.php (main dashboard page) to wp-admin/profile.php
  42. I want to disable login of admin (/wp-admin) with email and make it accessible only with username
  43. password reset link being sent as HTTP?
  44. Allow administrators to pick post author on custom post type edit screen
  45. admin_post action not usable if admin access denied to user
  46. Adding Custom Capabilites
  47. How to Change The WordPress Login URL Without Plugin
  48. Displaying different in-page content to cliente/admin
  49. Why is unfiltered_upload not working despite being enabled?
  50. How to create user specific pages (not user role!)?
  51. 404 redirect wp-login and wp-admin after changing login url [closed]
  52. Do I have to face security problems if I changing default role to Contributor
  53. Hide username discovery
  54. I can´t access my admin panel. I tried all possible solutions
  55. Lost administrator privileges and can’t find a fix
  56. Restrict Access in Admin Panel
  57. Downgrade admin account by mistake
  58. How to set where user is redirected to after logging in at wp-login?
  59. How to remove dashboard access (wp-admin) for author but not disable the capabilities?
  60. Efficient way to check local WordPress php files and Database for malicious code? [duplicate]
  61. Deploying WordPress for clients – what do they have access to?
  62. Renaming wp-admin without hard-coding it. Is it really possible?
  63. Need help for WordPress User Session Management?
  64. How to Find The Email of a WP Admin Account
  65. Developer/Designer asking for admin access
  66. User Capabilities are not available in WP REST permission callback?
  67. Change users.php WP_User_Query
  68. User Roles: How to hide a plugin from showing in WP-Admin?
  69. How to create a front facing user sign up, log in and profile pages like FoodGawker.Com [closed]
  70. Newly created user role not displaying on users screen
  71. How to add a field on the user creation page?
  72. Admin Page access
  73. How to check if a user is in a specific role?
  74. Not able to access WP Admin, it says “Sorry, you are not allowed to access this page.”
  75. How to make WP page accessile only to specific user roles
  76. How to logout the current user without notices and warnings?
  77. Link with password is not sent to the new user
  78. Give wp-admin access for shop managers
  79. restrict admin panel sections to users
  80. Can I rename the wp-admin folder?
  81. CSRF attack to create USER
  82. adding existing menu page on new customer user role
  83. Unable to Add User after Site Migration
  84. Localhost install: Administrator lost administrator access; cannot access Dashboard
  85. Can I rename the wp-admin folder?
  86. Filter and validate user role in registration
  87. Why WordPress not logout after I have close my browser?
  88. Impossible User Registration
  89. How to protect wp-admin from third party access?
  90. file upload user profile
  91. Couple questions about .htaccess, login page, updates
  92. WordPress blog fails to open
  93. Is it possible to tell if a user is logged into WordPress from looking at the cookies which are set?
  94. Extend user search in the users.php page to allow for searching by role and excluding specified email domains from the “users search” input box
  95. After Upgrade: $user becomes unknown (id: 0) after successful login?
  96. Only Admin receives email
  97. is exposed wp-admin site a serious security vulnerability
  98. how to Hide all products except the General Manager role in the WordPress admin panel?
  99. Disable sticky posts feature
  100. Can’t access wp-admin after http to https change
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)