WordPress is one of the most widely used content management systems (CMS) in the world, used by a massive 27% of all websites*. You might be surprised however to find out that WordPress, along with Joomla and Magento were the most hacked CMS platforms from July to September 2016. Of all the hacked websites 74% ran WordPress, according to statistical data gathered by website security company Sucuri**.
This doesn’t mean that these platforms are insecure, just that webmasters have left themselves open to attack by failing to update plugins and themes on their websites. Even if you are running an up-to-date WordPress site, one outdated plugin can give hackers an entry point to exploit.
Themes and plugins will all require updating from time to time, usually when developers release security patches or add extra functionality. Each new release of WordPress will fix bugs, add new features, improve performance and enhance features to stay up-to-date with industry standards. If you are not updating your site regularly, your website is at risk.
To keep your site up-to-date and secure, you need to keep WordPress itself updated AND all the plugins and themes. You can do this one of three ways, manually, via automatic updates or by using a plugin. WordPress has a built-in update notification system so that when you login to your dashboard you can see the available updates. You can also opt for email notifications when a new update is released, or you can opt for automatic updates.
Backing up your site is critical; if you aren’t doing it you should be! Updates can sometimes break existing plugins; if your site is compromised either by a broken plugin or because you have been hacked, daily or real-time backups are key to restoring it to full functionality quickly and easily. Old backups with outdated themes and plugins will compromise your site further and require additional work to make your site secure and fully functioning again.
Updating and backing up your WordPress site needn’t be a headache. The easiest way to make a copy of your site is via FTP, but if you are unsure ask your developer to schedule regular backups and install updates as they become available. That way you can be assured that your site is both up-to-date and secure.
If you’re concerned that your WordPress site is not up-to-date give us a call, we can help. Of course, if you use MMD’s hosting service you don’t need to worry because we’re already taking care of this for you.
*W3Techs.com, 23 January 2017