Through 2016 and now into 2017, as WordPress has become more sophisticated and user-friendly, we have seen a sustained rise in the number of attacks on WordPress. Many of these attacks have come in the form of brute force attacks on login forms.
There has also been a steadily increasing number of updates released for the WordPress core software, which in turn has increased the number of popular plugins that also release more frequent updates.
On one hand, it is heartening that the number of updates has increased as this means that vulnerabilities are being patched more quickly.
On the other hand, this means that websites which have infrequent update schedules or where there is no care plan in place remain vulnerable for longer. The longer a website remains without being updated, the higher the threat of it being hacked, defaced, damaged or deleted.
Whenever we feel there is a sustained change in threat level to WordPress we ensure we update our clients with new advice and best practice recommendations.
Our advice to our clients is always a balance between the available statistics and our ‘feel’ of what is going on in the industry, drawing on sources such as:
- The number of people that contact us because a site has been hacked or is exhibiting unexplained behaviour
- The number and type of issues flagged by the security software we install on the websites we take care of
- Reports from companies such as Wordfence and Sucuri who work in the website security industry
- Industry press
- Talking with other agencies and gauging opinion
We have seen a noticeable increase in the number of new clients that come to us because their website has been hacked and blacklisted by search engines or had some kind of penalty imposed. Sadly, it is often the case that the client doesn’t have a recent backup that we can restore for them, and there may be a significant cost associated with rebuilding or repairing that site.
Those of you who have existing website care plans with us, or for whom we have built sites in the past, will know that we advised you at the time how frequently we consider you should update your WordPress website. Our general advice has been updated as follows:
Low traffic low importance website: Update & maintain monthly
Medium traffic, importance, e-commerce: Update & maintain fortnightly
High traffic, importance, high-value e-commerce: Update & maintain weekly/daily
Low traffic low importance website: Update & maintain every other month
Medium traffic, importance, e-commerce: Update & maintain monthly
High traffic, importance, high-value e-commerce: Update & maintain weekly
Firstly, don’t panic
Firstly, don’t panic. WordPress is still a feature rich, largely safe and easy to use content management system. Yes, it is true that WordPress has a larger number of attacks than many other content management systems, but it is important to keep this in context.
Approximately 30% of all websites active in the world run on the WordPress platform. As such it is reasonable to expect that there is a larger number of attacks reported. Please do not let this put you off using the system for your website.
WordPress remains the most user-friendly and simple to use content management system available. The large number of WordPress developers, agencies and plugin creators and maintainers means that you have access to a well-maintained ecosystem for your website. Just keep it up to date and at the very least ensure you have regular backups made to a secure third-party location.
Secondly, reduce the risks
We love how advanced content management systems have become over the last 5 years. The range of features and functions available via software like WordPress, Drupal and others has become truly game-changing. More than ever before, it is in the realm of possibility for an individual to run their own website and manage their own content.
However, over the last year, we have become increasingly aware of the importance of having even more frequent website maintenance and backups.
The cost of maintenance is largely insignificant next to the cost of repairing or rebuilding a website which has been hacked or deleted.
In addition to a regular care plan, we advise (and we install as standard) a firewall that detects and blocks a large amount of malicious traffic to your website.
Contact us for free advice
We know that this can be a time-consuming and technical side of website ownership. We encourage any of you reading this who either don’t have a website care plan or have not reviewed your plan in the last six months to contact us for a no-obligation discussion on 01903 527927 or using our project planner.
Our advice is free and our focus is on protecting your investment. Find out more about our website care plans, maintenance and updates here.