Protecting WordPress Websites from Hacking
Website hacking reports on the nightly news in 2018 have become so common; they barely draw a yawn from many viewers. Website owners need to pay attention! It’s not just the mega companies and government websites that are targets of hacking.
Early adopters of the internet, many of which may have never updated their websites face a new more malicious world when they finally replace their outdated HTML websites with modern WordPress websites. WordPress’s worldwide use supporting the largest percentage of CMS-driven websites places any website built using the WordPress platform clearly in the sites of hackers.
New WordPress users may be surprised by the number and frequency of updates released annually, both for improvements and to shutdown newly found security exploits. Each new version of the WordPress core files is quickly followed by a flurry of updates from the thousands of actively managed plugins in order to maintain their compatibility. What website doesn’t use a contact form 7, Yoast SEO and WordFence security plugins as a bare minimum? Updating often seems never-ending!
As a webmaster educating new clients about the perils of the internet is not a task I take any pleasure in, least of all informing clients about the daily risks their very own websites are subject to. Advising clients to take the best available precautions is a responsibility we take very seriously.
In the earlier days of internet-connected-PCs, they often became riddled with viruses. Through the years we’ve learned to keep our PC software current with the latest releases geared more at closing security holes that allowed attacks than adding functionality and improving our user experience. We learned to install and constantly maintain Anti-Virus software to the latest annually released version. Connected to the internet these Anti-Virus programs automatically download the latest lists of viruses to help protect us from Malware infections which cause machine downtime and lost productivity.
Websites themselves are the targets of malicious activity today. Hackers exploit websites for many reasons. To send junk email and inject your website with pages containing links to low-quality websites. Infect your website so that anyone visiting your site is subject to having their PC infected. Hackers even hijack websites to commandeer the power of web servers to use in Bitcoin & Cryptocurrency mining activities.
What’s The Worst That Can Happen If I Don’t Keep My WordPress Website Up-To-Date?
The consequence of not updating your websites software is that the site may be hacked and compromised. In a worst-case scenario, to the point where you could have to rebuild your website. To date, we have not completely lost a website to hackers. We have had to manually clean up and repair several each year, over the past five years.
Once a site has been compromised it cannot only stop it from functioning… it can infect your website visitors PCs, harming your company’s reputation and expose sensitive data to the public. A hacked website can also place other websites hosted in the same shared hosting environment at risk, for this reason, serious providers will require you maintain your software monthly to the latest released versions.
The WordFence Security Plugin is installed in every WordPress website we build. Security plugins help keep hackers at bay but do not completely eliminate the risks. If your WordPress core software is outdated, WordFence may not stop attempts to exploit the holes in your websites armor. If your logins are Phished, it’s game on for the exploitation to begin.
For several years we have offered a full-service WordPress Management Program. While this service is ideal for busy clients with a budget to cover the monthly service fee, some don’t derive enough value from their website to justify more than minimal ongoing expenses. In these cases, an auto update plugin can be used to keep the website up-to-date.
Are There Any Risks To Updating WordPress on My Website?
There are some inherent risks with updates, they may not be compatible with one another. Conflicts can break your website and even shut it down. With our WordPress Management Program we check to make sure that post update, your website is still functioning and take corrective action when problems occur. We also maintain a full year worth of backups in case your site is hacked and either malicious software lies dormant and/or goes unnoticed for an extended period.
In the event the site would be broken as a result of an update, we can try to restore it from a local backup which is a standard part of our hosting accounts (a few daily, weekly and one monthly backup are stored). For those that opt for our WordPress Management Program, we also maintain 12 monthly backups off-site to have a deeper fallback ability to restore their sites in the event they are compromised.
More about WordPress, Web Sites, and Hacking:
To learn more about malicious activity on the internet and the risks for all websites including WordPress websites, you can read the articles you’ll find using the links below.
- Ask Wordfence: Why Is an Insignificant Site Like Mine Being Attacked? ( A March 2018 article directly addressing why your site is a target)
- Hacked: How Business Is Fighting Back Against the Explosion in Cybercrime (A 2017 Fortune article, see in particular the last paragraph “When it comes to hacking, a penny of offense can defeat a dollar’s worth of defense.”)
- 30,000 Web Sites Hacked A Day. How Do You Host Yours? (A short article on Forbes.com from 2013 that explains the situation well)
- HOW WORDPRESS SITES GET HACKED (AND WHAT TO DO ABOUT IT) ( A more in-depth article from 2016)
Seems like a dumb question huh? Don’t be so sure, the info-graphic below will educate the uniformed about basics of websites, domain names, hosting, platforms, themes, plugins and more.
High-quality hosting has everything to do with search engine rankings. Since the beginning of search engine optimization as a practice by amateurs and professionals alike, there has always been a discussion regarding what kind of neighborhood ( hosting environment) in which your website resides. The thought at that time was that your website should be hosted on a server that was considered a good neighborhood. By good neighborhood early SEO specialists were implying that your website should not be hosted on the same server with spammy websites , defamatory websites, pornographic websites, copyright infringing websites or any other type of low quality website.
Today Google has even directly stated that not only should your website be hosted in a good neighborhood, but that the speed of your server may impact your rankings in their search results. Google has long stated that their primary goal was to give their users ( searchers) the best user experience. Part of the user’s experience is the time the searcher has to wait for their search results to appear in the search result pages. The next step is the time required for your page to load after the blue link in Google’s results has been clicked. Google has stated that faster loading pages make for better user experience. They factor in the response time of your server, compared to the response time of competitive websites in your market, when determining how all relevant websites will rank.
Research for yourself on the internet, many pundits have stated that 57-80% of your visitors will use the back button on their browsers and abandon your web page if it doesn’t load within 4-8 seconds. I’m one of those that will be gone; I can use the back button and click on the next search result much faster.
Not all hosting environments are equal. The nature of the hosting business, is the fact that most hosting control panels will accomodate an unlimited number of accounts, independent of the actual space used by each account. This allows companies focused on hosting activities to over-sell their servers. They’re able to do this and promise new customers unlimited storage and unlimited bandwidth, knowing full well that the average customer will in reality use little of each. What over- selling does is allow the hosting companies to maximize their profit from each server, even though each client uses only at a small portion of the server’s resources. Consider that thousands of websites may be hosted on one server, and you can easily understand why their servers are kept working at or near capacity. This will often cause delays at the most critical time: when your web pages are called.
- New Auto Repair Website Launched!
- Is your website keeping pace with Google?
- Web Design & Internet Marketing Infomercial
- New Dentist Website Design Launched
- 30 Second Infomercial
- One Sky Media Door Wars appears to have taken Over at Motor Mania TV!
- Hot Off The Presses – New Accounting Website for Longtime Client
- Commercial for Immediate Release
- Beautiful New Site as we Approach our 10th Anniversary Working Together!
- JUST LAUNCHED – New Mid Atlantic .90 Association Racing website design!