Altis Security

Altis is a WordPress digital experience platform built with cybersecurity best practices and fortified against vulnerabilities, for complete digital peace-of-mind. But is WordPress secure?

With its over 60% market share amongst content management systems, WordPress undoubtedly makes for an attractive target for cyberattacks. Their success, however, is mostly determined by outdated core software, or vulnerable third-party components.

  • 94% of successful cyberattacks against CMS-powered websites in 2019 targeted WordPress.
  • However, 49% of these WordPress installations were outdated at the point of infection.
  • No more than three major third-party components combined accounted for over 56% of these attacks – because millions of sites were using them, just not the latest, patched version.

What makes WordPress secure?

  • WordPress powers over 36% of the top ten million websites today – which makes it one of the most heavily scrutinized pieces of software on the world wide web.
  • Unlike closed source software, WordPress’ codebase is regularly and publicly reviewed by thousands of developers worldwide, significantly limiting security issues.
  • WordPress’ security is overseen by a world-class team of experts including lead developers and security researchers who regularly contribute fixes and audit new code before it is merged with the WordPress core software.

Altis augments WordPress’ security

With granular access control and tamper-resistant activity tracking, Altis adds a powerful layer of additional security features on top of WordPress.

Access control

Managing entry on your platform helps you create additional barriers to illicit access, and manage changes made on a per-user basis.

Strong password enforcement

Minimum password requirements prevent unauthorised access. Altis’ strong password enforcement also enables you to add additional strength checks, creating tailored and unique password enforcement standards for your organization.

Two-factor authentication

Block unauthenticated log-in attempts on your platform with two-factor authentication (2FA), providing an additional layer of security for access to your network. Two-factor authentication is enabled by default on all Altis platforms, and enables you to set requirement options per user.

Single sign-on (SSO)

Log in to all your tools and applications without re-entering passwords with single sign-on, speeding up processes and reducing time wasted on manual tasks. This is a built-in feature that integrates with already established systems allowing your teams to login once via a single interface and access everything they need instantly.

Activity tracking

Monitoring the activity in your CMS is a necessary step to ensure you can track changes by every user on your platform, supporting auditing and compliance processes.

Altis’ audit log keeps a tamper-resistant account of every change made inside Altis CMS, providing a historical record of changes for auditing and compliance purposes.


For a technical overview on Altis’ security, check out our developer documentation.

Is WordPress secure enough for global brands?

WordPress has long outgrown its roots as a blogging tool. Today, WordPress powers enterprise multi-experiences from corporate multi-site, multi-language networks to mobile apps.

Talk to us about your next project!

Contact us