It shouldn’t take a recent warning from the US Federal Bureau of Investigations (FBI) to alert users of WordPress-hosted websites of the imminent danger posed by hackers. However, the FBI’s warning has gone a long way in reminding individuals and businesses of the responsibility to secure their online asset by all means necessary, across the world.
Today, WordPress has moved on from being a simple blogging platform to a renowned content management system. Thus, unlike 5 years ago, many businesses now own a WordPress site. As a result of its popularity, WordPress has now become an easy target for would-be hackers and malicious individuals who try various techniques to take advantage of potential vulnerabilities and exploit any loopholes they can find in order to bring down a site.
What’s more worrying is that the methods being employed by hackers are not selective. Hence, they do not necessarily have to target specific websites e.g. by name or type. Instead, they randomly choose their victims sometimes on a global or national scale. Thankfully, due to regular research carried out by security companies, there are ways to limit the susceptibility of your WordPress website to these and other similar attacks.
WordPress Plugin Threat
We now know that the vast majority of WordPress hacks happen as a result of Plugin vulnerabilities. That shouldn’t be a surprise since the WordPress platform tends to encourage the use of plugins so as to remain multi-dimensional and universally accepted. The downside to this is that as a free and open-source software the vast majority of WordPress plugins are from third-party developers some of whom are individuals who may or may not have the time necessary to keep abreast with security lapses and react accordingly. So, why are WordPress plugins so popular, one might ask? Unfortunately, there is no easy answer to that question. Perhaps, the most plausible answer is that the average website needs more than just the basic WordPress functionality to work according to the desire of its owner. Consequently, whilst they are not absolutely necessary for a website to function, it is quite normal to find a site with at least 5 third-party plugins installed. Indeed, at the point of writing this article, there are currently 38,389 plugins with 954,889,493 downloads in the WordPress Plugin Repository. However, as suggested earlier, that is not a problem on its own. Rather, the problem is when a plugin is not updated regularly.
Lack of regular updates and maintenance leaves a WordPress sites automatically susceptible to malicious attack thereby making it very easy for hackers to take control of the system. Only last year, according to security company Securi, an outdated third-party WordPress plugin was responsible for an attack on more than 100,000 websites thereby resulting in Google blacklisting over 11,000 domains. If one outdated plugin could do this to tens of thousands of websites, then one could only imagine what the presence of more than one outdated plugins could do.
The best way to protect your website from the consequences of a security breach is therefore to ensure your WordPress site is regularly maintained and all installed plugins are up-to-date. Thankfully, WordPress and many free and premium plugins tend to release security patches and updates to tackle identified loopholes on a regular basis. However, these security patches still have to be installed promptly to reduce any gaps that can be exploited between a major security release and website update.
Keeping Your WordPress Site Secure
There are generally two ways to keep your WordPress site secure. First, is follow the steps provided in this article on DIY WordPress security. The second option, which we will briefly look at in this article, is to let someone else do it for you. Whilst the second option might cost a few pennies, it means that you won’t have to worry about finding time out of your busy schedule to worry about updating WordPress and all the plugins on your site or following a list of procedures that can be sometimes confusing or difficult to understand to keep your site in order. It also means someone else will have to worry about staying informed about potential security lapses and dealing with them as and when they happen. As you will find, Internet Creation already caters for the second scenario with a service that will take care of your website security namely; website support, maintenance and backup. These three areas are necessary to give every business complete peace of mind especially when it comes to website security. For example, with web support training could be offered to staff and management on how to work with their system if/when something goes wrong. Maintenance ensures that the hired company can take full control of your website, whilst backup means that in the event that you lose important data, your website can be restored back to its original state.
Feel free to leave a comment below, email or telephone us if you have any feedback or require further information or assistance on this topic. Thanks for reading.
This is the second post in our three-part series on WordPress security. The first article was titled Consequences of a WordPress Security Breach and the third article is titled 10 Practical Ways to Keep your WordPress Site Secure.