How do I keep my WordPress website secure?

WordPress - November 11 by myzone

It can be detrimental to a business when its website gets hacked. Not to mention that resolving the issue is time-consuming, a strain on your internal resources (and/or wallet), and reflects poorly on your brand, impacting the trust you’ve established with your customers.

Nowadays, site security is standard practice and should be part of your overall website maintenance. Fun fact: more than 38% of the web is built on WordPress. The sole reason WordPress is so popular is its open-source approach. What does that mean? Anyone can use it and anyone can build on top of it. The good news: the cost of building your website, even with advanced functionality, is much less than with other platforms. The bad news: your site can be more exposed to hackers and its security weakened. However, with routine maintenance and keeping your plugins updated, you can prevent more than 95% of targeted hacking attempts!

Let’s dive in! 

Why did my site get hacked?

This is a common question clients ask us. Generally they follow up with: “Well, we are just a small company and our site is information-based. We don’t need to be secure because we don’t sell anything on it.” Well, in general, hacking is not personal and in 99% of cases not targeted at all. Yes, there are ‘bots’ that exploit specific vulnerabilities to extract personal information, emails or other sensitive data. However, sometimes hackers just do it for fun. It’s not necessarily the answer you want to hear, but sites can be hacked just because they can be, and we can’t always figure out who did it.

How do hackers find websites to hack?

Generally, if the site isn’t maintained, hackers will find it eventually. Hackers create scripts that search for vulnerabilities in WordPress plugins and themes. As soon as they find one, they look for WordPress websites that use that plugin, using a technique called Google dorking.
The term ‘Google dorks’ has been around for quite some time and refers to search queries that combine Google’s search operators with targeted parameters to find specific information. What this means is that hackers find sites to attempt to breach by searching for them through Google.

You can check the current list of vulnerable plugins on the site: https://wpvulndb.com/  

How often should my site be updated and can I do it myself?

Best practice dictates that updates should be completed as soon as they are released. However, since new plugin versions are released daily, this is often not doable. The next best option is to ensure updates are done once or twice a month.

It is important to back up your site before updating WP or plugins to a newer version. Sometimes updates can cause issues and your site will need to be reverted to the previous version.

When a new version of WordPress is released, make sure to update the WordPress core first and then the plugins and themes. This is important to ensure compatibility between the plugins and the WP version you are currently using.
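The order described above (back up, then core, then plugins and themes), written as a script. This is an added example, not part of the original article; it assumes WP-CLI is installed as `wp`, and the site and backup paths passed to `update_site` are placeholders.

```shell
#!/bin/sh
# Added example: back up first, then update core, then plugins and themes.
# Assumes WP-CLI is available as `wp`; set WP to use a wrapper instead.
WP=${WP:-wp}

# Run a WP-CLI command against the site being updated.
run_wp() { "$WP" --path="$SITE_DIR" "$@"; }

# Report which step failed and where the restore material is.
fail() {
  echo "FAILED at step: $1" >&2
  echo "Backups for a revert are in $BACKUP_DIR (timestamp $STAMP)" >&2
}

update_site() {
  SITE_DIR=$1      # WordPress install directory (placeholder path)
  BACKUP_DIR=$2    # where backups are written (placeholder path)
  STAMP=$(date +%Y%m%d-%H%M%S)
  umask 077        # the database dump holds user records and password hashes
  mkdir -p "$BACKUP_DIR" || return 1

  # 1. Backup: database dump plus wp-content (plugins, themes, uploads).
  #    Nothing is updated unless both backups succeed.
  run_wp db export "$BACKUP_DIR/db-$STAMP.sql" \
    || { fail "database backup"; return 1; }
  tar -czf "$BACKUP_DIR/wp-content-$STAMP.tar.gz" -C "$SITE_DIR" wp-content \
    || { fail "file backup"; return 1; }

  # 2. WordPress core first, including any database migration it needs.
  run_wp core update    || { fail "core update"; return 2; }
  run_wp core update-db || { fail "core database update"; return 2; }

  # 3. Plugins and themes last, so they update against the new core.
  run_wp plugin update --all || { fail "plugin update"; return 3; }
  run_wp theme update --all  || { fail "theme update"; return 3; }

  echo "Update complete; backups kept in $BACKUP_DIR"
}

# Usage: sh update-site.sh <site-dir> <backup-dir>
if [ "$#" -eq 2 ]; then
  update_site "$1" "$2"
fi
```

The return code tells you how far the run got: 1 means nothing was changed, 2 or 3 means an update step failed and the timestamped backup is the revert point.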

WordPress updates are relatively easy to complete yourself. Though clicking the “update” button might be easy, resolving issues that could arise during the update might not be. Therefore, we suggest that all maintenance and updates be done by somebody who has knowledge of WordPress and site development. For example, a major WordPress release may not be compatible with some plugins, and in some cases plugins will need to be replaced with custom code or another plugin. The advantage of having a professional is that they will update in a test environment with proper backups and knowledge about compatibility.

Why will you love our maintenance packages? 

First, let’s clarify some common misconceptions. It would be extremely costly to ensure the website is 100% secure; even companies investing millions in security occasionally experience security breaches. That being said, we can get as close to being 99.9% secure as possible with a minimal investment.

Our Support & Maintenance packages are built to balance the budget & level of security that benefits your business. The service includes a real person managing your website using a suite of tools such as automated security checks, automated backups and performance monitoring. Our team will get notified if anything is wrong and we will react fast, most often before you even notice a problem. The key is to avoid the issue appearing on the website in the first place, which is why the core of our WP Support & Maintenance packages is frequent WordPress & plugin updates.

Read more about how we can help you to keep your WordPress site secure and give you the peace of mind you deserve with our Support & Maintenance packages.

Additional advantages of keeping your site updated

Not only do updates keep your website safe, but WordPress developers also use them as a way to improve performance and speed. Furthermore, updated plugins come with improved functionality that increases code and query processing speed. This makes the entire site run faster and results in better performance. Improved site performance can significantly influence your website’s SEO, conversion rates, and the customer’s overall impression of your brand.
