WordPress security: why regular software updates should be your top priority

Why you should care about website security

You have a beautiful website. It generates sales, bringing a steady flow of customers to your business, filling your diary with bookings or filling your visitors’ shopping carts with your goodies.

And then one day, you don’t. Instead you have a flashing sign “Hacked by Robot.team!”, or worse, it’s full of porn.

without good wordpress security, your website can easily be hacked

Either way it’s a disaster. If you’re lucky, you have a back up and can restore your site with a singe click, if you’re not, you have lost all your years of hard work, not to mention all your customer data and breached their privacy.

Why do hackers hack?

You might have heard about cyberwarfare between governments, the military and large corporations, and think that your small business would never be the target of such attacks. After all, what would hackers want with your little website?

This is a misunderstanding of what hackers do and what they want. These days, a lot of hackers these days are part of organised crime rings and other distributed networks whose goal is to take control of many small websites. Once they have control of these sites they build “botnet” (roBOT NETwork) that can spread misinformation, send spam, affect search engine results, operate distributed denial of service attacks to bring down other sites, or mine cryptocurrency.

These hackers don’t care how insignificant your website is – in fact, smaller websites are better for them, because they are often unmaintained and unwatched, and they can take over hundreds  before anyone notices.

So your WordPress site’s been hacked

When your website is hacked, it’s not just a bad look for your customers. It can have all sorts of other costs.

  • You’ll need to restore your site from a clean backup. Do you have one?
  • If not, you might pay a consultant to clean up the malware, or even recreate your website from scratch.
  • Your website may be identified as infected by antivirus and other security software, which means…
  • Google may show a warning to people visiting your site
  • Your website may be delisted from Google’s search engine results
  • Some people may see warnings about email from you, saying it might be spam.

In the best case scenario – if you have regular backups – a website attack might only affect you for a brief period. But we’ve known other sites that have been affected for weeks, or that have never recovered.

How to secure your WordPress website

While open source content management systems like WordPress, Joomla and Drupal are great for building websites, their wide popularity means that hackers are more likely to poke and prod it and explore vulnerabilities. However just as quickly as these vulnerabilities are found, they are fixed with regular updates for both the core software and for the themes and plugins that websites use.

WordPress typically has updates to its core software every few weeks, and theme and plugin updates every day. You can see when there are updates available for WordPress, themes or plugins in your dashboard:

regular updates are the key to strong wordpress security

 

To update your WordPress website:

  1. Make sure you have a complete, recent backup of both your database and files
  2. Go to your WordPress dashboard
  3. Click on “Updates”
  4. Update the WordPress core
  5. Update any themes and plugins
  6. Apply any followup changes, such as database upgrades, that the dashboard may notify you about

We recommend updating your website at least once a week, but for known bugs or major WordPress updates we suggest keeping informed of any updates and applying them as soon as possible – ideally within a day. If you have multiple WordPress installations, you should of course repeat this process for each of them.

Flax Digital makes WordPress security easy

If all this sounds daunting, we can help. Flax Digital’s WordPress maintenance plan includes full, daily backups; professional grade security scanning of your site; as well as automated software updates (WordPress core, themes, and plugins) usually applied within 24 hours of release.

Want to know more? Contact us today.

Dorothy Krajewski

Dorothy works at Flax Digital part time, helping Alex build websites, create content and market events. She has been creating online content for over 10 years and geeking out over websites since the 90s.