Securing & Maintaining Your WordPress Website Together
WordPress is one of the worlds most popular web platforms. In fact, they estimate that 1/3 of ALL websites on the internet, is built on the WordPress CMS. Whilst I’ve always built websites using a range of options, I increasingly find myself drawn to WordPress.
However, WordPress sites are also the most targeted for malware, SQL Injections, spambots, viral attacks and more. Their universal code spread over 30% of the internet means that unethical elements of the online community only need to write a programme to attack a site once and it’s suitable for all equal installations of WordPress. There’s very little targeting in these attacks – think of it like a normal cold-and-flu virus. It will simply bounce from one person or website, to the next it comes into contact with, infecting all who have weakest immunity.
WordPress are very good with keeping on top of these evolutions in malicious code though, and routinely bring out updates and security patches to keep websites safe. The same can be said for the most popular elements of WordPress Plugins. A plugin is an element built into WordPress to perform a specific function – some plugins are as complex as a shop, whereas others are very simple text buttons added. The world of plugins is vast and deep, ranging from high-priced top-quality development work in action on millions of websites, down to poor quality and ineptly built cheap plugins. Just like WordPress itself, credible developers bring out updates and security patches on a regular basis to defend your website.
So far, so good, right? The WordPress community is targeted often (purely because of its visibility) but the frequent updates and patches from the core and credible plugins should continue to keep your site safe. That’s entirely true – provided the malware doesn’t reach your website before the update. However, websites are built on layers – thousands of them integrating with each other (think Tetris!). When one of those layers is updated, it affects all of those around and above it. If one of your plugins is set to automatically update with a fault – your layers are as useful as a house of cards in a hurricane. Even the most stable of updates on the WordPress platform can modify a layer one of your plugins uses, preventing them from integrating and working correctly.
Website security isn't just an issue of stopping the site going offline. Malware attacks frequently add content to sites as it's easier to do that edit existing content. How would your brand's reputation cope if there was pornography, credit-card fraud, or viagra ads on your site for two months before you noticed?
What's more, the site will constantly be scanned by Google and other search engines. This can have your company linked permanently to whatever type of spam is advertised on your site, or worse can get your website blocked from search history - prevent users from visiting it, and send all your emails to spam.
It's so much more than going offline. So how prepared are you?