WordPress security is a vitally important subject for millions of websites and businesses. It is so important to keep the software up-to-date. Unfortunately, the message doesn’t seem to be getting out there loud or clear enough. Either that or it’s not being heeded. Very recently this has resulted in a perfect storm and a lot of hacked websites.
Very recently WordPress issued an update to version 4.7.2 due to vulnerabilities found in version 4.7.1 and before. As with all computer software, you absolutely must keep WordPress up-to-date. Unfortunately, many hundreds of thousands of website owners have not heard or heeded this advice and have been hacked at almost epidemic levels.
Many security issues have previously been identified and rectified with updates to WordPress over the past 10 years, but none have been exploited to this level yet. The problem with this one is that the recent security hole seems particularly easy to exploit if you are a hacker with nefarious intentions.
“When you do not update your WordPress site, you are risking your website security and missing out on new features / improvements.”
WP Beginner
There is one simple message that everyone needs to learn over the coming months, as all software is being probed for weak points by hackers, and that is:
Keep WordPress – no, ALL of the software that you use for your business – up-to-date!!!
Recent events show how important it is to keep your critical business software updated and maintained regularly.
One of the largest WordPress-related online publications has covered this topic extensively in these two blog posts:
- https://wptavern.com/wordpress-rest-api-vulnerability-is-being-actively-exploited-hundreds-of-thousands-of-sites-defaced
- https://wptavern.com/wordpress-rest-api-vulnerability-exploits-continue
The above links are from just one media outlet as many have jumped on this news story. However, all of this could have been avoided if people took their website security seriously.
If you are thinking that this is just a WordPress problem, think again. Drupal, Joomla, Magento and all other popular content management software have had their share of problems recently. The additional burden on WordPress, and one that makes it a particular target, is that the platform is so popular (over 26% of all websites use it) and therefore a focal point for many hackers.
Some people are blaming WordPress for the hacked websites; some are blaming the company that publicly released information on the vulnerability within WordPress (a week after the fix had been out in the wild). It is a natural part of today’s global culture to find blame somewhere other than ourselves.
I have spoken to so many people about the need to keep their WordPress websites secure, particularly those who don’t want to pay for a professional web company to manage this for them. We (at The SeedMill) provide documentation, answer questions about the results of a hack and what this could mean for them, and advise on freeing up resources within their business in order to take their website platform maintenance seriously. Yet, in spite of this, a lot of those same business owners fail to do so and I suspect nearly all of them will have been caught out by this recent hacking spree. It is unfortunate, but let’s not blame others, especially when we are given the tools and knowledge on how to avoid situations such as this.
Solutions to WordPress security issues
We always advise that our clients keep their websites updated, even those we don’t have regular contact with. We make sure that we produce documentation to help them keep their websites up-to-date (if we’re not managing this for them) and it wasn’t so long ago that I wrote an in-depth blog post on how website owners can keep their WordPress websites up-to-date. Read our blog post on WordPress website security here.
We can also take this process over for you and minimise your risk by offering Care Plans where we take all of the burden of doing this out of your hands. Under our Care Plans we will keep your website safe by keeping it up-to-date on a daily or weekly basis and monitoring its security at regular intervals. We will also fix issues found should your website be hacked. This obviously takes our time and years of experience, hence our monthly fees for this. It’s money well spent, but, unfortunately, many businesses will only realise this after they have been hacked. The problem is that by then ‘the horse has already bolted’.
Unfortunately, the result of a hacked website will mean a large fee in cleaning up after it. It is also not the most engaging work for a web professional to have to take on. I would be quite happy never having to clean up after a hacked website ever again, no matter what I was paid for it. I would much prefer that people prevented this from happening, or took out maintenance with us, so that we could do it for them.
So, if the message isn’t already loud enough and clear enough: