Protecting WordPress Websites from Hacking
Website hacking reports on the nightly news in 2018 have become so common that they barely draw a yawn from many viewers. Website owners need to pay attention! It’s not just the mega companies and government websites that are targets of hacking.
Early adopters of the internet, many of whom may never have updated their websites, face a new, more malicious world when they finally replace their outdated HTML websites with modern WordPress websites. WordPress powers the largest percentage of CMS-driven websites worldwide, which places any website built on the WordPress platform clearly in the sights of hackers.
New WordPress users may be surprised by the number and frequency of updates released annually, both for improvements and to shut down newly found security exploits. Each new version of the WordPress core files is quickly followed by a flurry of updates from the thousands of actively managed plugins in order to maintain their compatibility. What website doesn’t use the Contact Form 7, Yoast SEO and Wordfence security plugins as a bare minimum? Updating often seems never-ending!
As a webmaster, educating new clients about the perils of the internet is not a task I take any pleasure in, least of all informing clients about the daily risks their very own websites are subject to. Advising clients to take the best available precautions is a responsibility we take very seriously.
In the earlier days of internet-connected PCs, those machines often became riddled with viruses. Through the years we’ve learned to keep our PC software current with the latest releases, which are geared more at closing security holes that allowed attacks than at adding functionality and improving our user experience. We learned to install anti-virus software and constantly maintain it at the latest annually released version. Connected to the internet, these anti-virus programs automatically download the latest lists of viruses to help protect us from malware infections, which cause machine downtime and lost productivity.
Websites themselves are the targets of malicious activity today. Hackers exploit websites for many reasons: to send junk email, to inject your website with pages containing links to low-quality websites, or to infect your website so that anyone visiting your site is subject to having their PC infected. Hackers even hijack websites to commandeer the power of web servers for use in Bitcoin and cryptocurrency mining activities.
What’s The Worst That Can Happen If I Don’t Keep My WordPress Website Up-To-Date?
The consequence of not updating your website’s software is that the site may be hacked and compromised, in a worst-case scenario to the point where you could have to rebuild your website. To date, we have not completely lost a website to hackers. We have had to manually clean up and repair several each year over the past five years.
Once a site has been compromised, the damage can go beyond stopping it from functioning: it can infect your website visitors’ PCs, harm your company’s reputation and expose sensitive data to the public. A hacked website can also place other websites hosted in the same shared hosting environment at risk. For this reason, serious providers will require you to maintain your software monthly at the latest released versions.
The Wordfence Security Plugin is installed in every WordPress website we build. Security plugins help keep hackers at bay but do not completely eliminate the risks. If your WordPress core software is outdated, Wordfence may not stop attempts to exploit the holes in your website’s armor. If your logins are phished, it’s game on for the exploitation to begin.
For several years we have offered a full-service WordPress Management Program. While this service is ideal for busy clients with a budget to cover the monthly service fee, some don’t derive enough value from their website to justify more than minimal ongoing expenses. In these cases, an auto-update plugin can be used to keep the website up-to-date.
Are There Any Risks To Updating WordPress on My Website?
There are some inherent risks with updates: they may not be compatible with one another. Conflicts can break your website and even shut it down. With our WordPress Management Program, we check to make sure that your website is still functioning after each update and take corrective action when problems occur. We also maintain a full year’s worth of backups in case your site is hacked and malicious software lies dormant or goes unnoticed for an extended period.
In the event the site is broken as a result of an update, we can try to restore it from a local backup, which is a standard part of our hosting accounts (a few daily, weekly and one monthly backup are stored). For those who opt for our WordPress Management Program, we also maintain 12 monthly backups off-site to have a deeper fallback ability to restore their sites in the event they are compromised.
More about WordPress, Web Sites, and Hacking:
To learn more about malicious activity on the internet and the risks for all websites including WordPress websites, you can read the articles you’ll find using the links below.
- Ask Wordfence: Why Is an Insignificant Site Like Mine Being Attacked? (A March 2018 article directly addressing why your site is a target)
- Hacked: How Business Is Fighting Back Against the Explosion in Cybercrime (A 2017 Fortune article; see in particular the last paragraph: “When it comes to hacking, a penny of offense can defeat a dollar’s worth of defense.”)
- 30,000 Web Sites Hacked A Day. How Do You Host Yours? (A short article on Forbes.com from 2013 that explains the situation well)
- How WordPress Sites Get Hacked (And What To Do About It) (A more in-depth article from 2016)