Security: Open source, WordPress, ProudCity

Posted on August 11, 2021


ProudCity is proudly powered by open source technology. We embrace open source because it empowers us to be more innovative and build great products for local governments.

And, as the U.S. Department of Defense says about open source, “there are great benefits to be gained in reliability, performance, and security.”

Open source and security

There are still people in the world who believe open source is not secure. While this argument no longer holds water, we again defer to the Defense Department:

There are some misconceptions, however: for example, that open source software is not secure. Without delving too deep into this topic … consider that the single most popular web server software is, and always has been, open source: Apache. This code runs a vast swath of sites on the Internet. Do bugs come up? Of course! But they are often patched (fixed with a small amount of code) in mere hours after identification.

So, if open source software is secure enough for the U.S. Department of Defense, it’s secure enough for ProudCity.

WordPress and security

The core technology ProudCity uses is WordPress. ProudCity and the WordPress team take security very seriously.

From WordPress:

WordPress is a dynamic open-source content management system which is used to power millions of websites, web applications, and blogs. It currently powers more than 42% of the top 10 million websites on the Internet. WordPress’ usability, extensibility, and mature development community make it a popular and secure choice for websites of all sizes.

Since its inception in 2003, WordPress has undergone continual hardening so its core software can address and mitigate common security threats, including the Top 10 list identified by The Open Web Application Security Project (OWASP) as common security vulnerabilities.

The WordPress Security Team is made up of approximately 50 experts including lead developers and security researchers — about half are employees of Automattic (makers of, the earliest and largest WordPress hosting platform on the web), and a number work in the web security field. The team consults with well-known and trusted security researchers and hosting companies.

ProudCity and security

As part of the measures we take, ProudCity follows proactive security protocol recommended by WordPress including but not limited to:

  • Regular WordPress version updates
  • Using only third-party plugins from trusted sources
  • Regular third-party plugin updates
  • Recurring site back-ups
  • Secure login authentication

ProudCity also follows broader industry standard protocols to ensure the governments we work with are secure.

Updates to both the software and operating system are released to the ProudCity Platform every two weeks. Serious vulnerabilities, such as a WordPress core security update or the recent vulnerabilities are released immediately as a hotfix.

ProudCity employs additional optimization and software hardening based on industry best-practices. In addition, we thoroughly examine every plugin that is added to the platform to ensure that all websites remain as secure as possible.

And ProudCity provides what WordPress says are the “qualities of a trusted web host”:

  • Readily discusses your security concerns and which security features and processes they offer with their hosting.
  • Provides the most recent stable versions of all server software.
  • Provides reliable methods for backup and recovery.

ProudCity embraces a culture of openness. We leverage a large research and development ecosystem that takes security very seriously.

While nothing is ever 100 percent secure, we are safer — and more innovative — when we build together, in the open.

Close window