Don’t get hacked! Update your WordPress plugins before it’s too late.
It used to be that hackers targeted corporate websites containing sensitive financial or customer information such as credit card numbers and personal information. In recent years, we have seen many small business clients, with relatively simple informational websites, hacked by malicious software. Hackers write code that automatically scans the web and identifies vulnerabilities in websites running older, outdated software. Once a weak or vulnerable website is identified, the malicious code attempts to break in. Once inside, the code infects the website.
You may ask, “Why would my website be a target for hackers if I don’t have any financial information on it?” Hackers aren’t just after financial information. Other reasons include:
- Hackers want to hold your website for ransom, effectively shutting it down until you pay them with Bitcoin or some similar hard-to-trace currency.
- Hackers may want access to the server where your website is hosted, and by gaining access to your website, they may be able to extend their hack to the server and all the websites that are hosted on it.
- Hackers may want to use your web account to send emails or host content hidden from view.
- Hackers may use your website to promote products or illegal content by hiding links inside your code. Even though you can’t see these links, they can still boost the hackers’ content across the web.
So you see that it’s not just the larger e-commerce businesses that are targets. Malware injections and hacking are a real threat to the security of your small business website too. The best way to keep your website secure from hackers is to keep your core applications and plugins up to date. Always update to the newest releases, which often contain security patches.
We’ve written about this before in various articles on website maintenance, and it bears repeating. Security is an arms race. You can’t just set it and forget it. It’s an ongoing process to keep your site hardened against malicious bots, malware, viruses, hackers, cryptoware and so on.
If you have a lot of plugins that need updating, then we suggest a formal process:
- Set up a dev site or staging site or cloned environment for testing.
- Update all the plugins there.
- Test to make sure they are all compatible with each other and with any customizations in your existing code.
- If all goes well, then you can deploy all the updates to the “production”, or “live”, environment.
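
The staging-first process above as a script, added here as an example (it is not the author's own tooling). It assumes WP-CLI (`wp`) and `curl` are installed; the staging path, staging URL and backup directory are placeholders to replace with your own.

```shell
#!/bin/sh
# Added example: update plugins on a staging copy first, then smoke-test it.
# Assumptions: WP-CLI is installed as `wp`, curl is available, and the
# paths/URL below are placeholders for your own staging site.
set -eu

STAGING_PATH="${STAGING_PATH:-/var/www/staging}"           # hypothetical path
STAGING_URL="${STAGING_URL:-https://staging.example.com}"  # hypothetical URL
BACKUP_DIR="${BACKUP_DIR:-/var/backups/wp}"                # hypothetical path

# Names of plugins that have a newer release available, one per line.
pending_updates() {
    wp --path="$STAGING_PATH" plugin list --update=available --field=name
}

# Succeeds only if the page (after redirects) answers with HTTP 200.
smoke_test() {
    code=$(curl -sL -o /dev/null -w '%{http_code}' "$1") || code=000
    [ "$code" = "200" ]
}

# Returns 0 = safe to deploy, 1 = staging broke, 2 = nothing to update.
update_staging() {
    pending=$(pending_updates)
    if [ -z "$pending" ]; then
        echo "No plugin updates pending."
        return 2
    fi
    echo "Updating on staging:"; echo "$pending"
    # Export the database first so the staging copy can be restored.
    wp --path="$STAGING_PATH" db export "$BACKUP_DIR/pre-update.sql"
    wp --path="$STAGING_PATH" plugin update --all
    # Check the pages that matter to you; these two are a minimal start.
    for page in "$STAGING_URL/" "$STAGING_URL/wp-login.php"; do
        if ! smoke_test "$page"; then
            echo "FAILED: $page did not return 200; do not deploy." >&2
            return 1
        fi
    done
    echo "Staging passed; these updates can go to production."
}

# Run only when called as: sh update-staging.sh run
if [ "${1:-}" = "run" ]; then
    update_staging
fi
```

A 200 response only shows that the site still loads, so click through forms, checkout and any custom features on staging before deploying.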
Review your plugins on a regular basis, monthly or quarterly. Make sure you have a backup plan in place so that your database is always backed up offsite in case your server or hosting environment gets hacked or corrupted. You can use services such as Box.com, Dropbox.com, AWS, Drive, and others.
There are higher-end managed hosting services dedicated to various CMS platforms that handle a lot of the security for you. Some of our clients have had success with WPEngine for WordPress-specific hosting with high-security protocols in place, taking that task off your hands.