Maintenance. From making sure you change the oil in your car to having your HVAC system serviced each season, it seems like everything requires routine maintenance.
The same may be said of websites, particularly WordPress websites. WordPress remains the world’s most popular website platform. It’s used by hobby bloggers and large corporations. It’s flexible, made even more so by add-on components called plugins.
Like many software platforms, WordPress plugins often issue updates. Therein lies the maintenance issue. If you’re not keeping abreast of WordPress plugin vulnerability issues, plugin updates, and other much-needed site maintenance, you could be at risk for a security breach. And if that happens, you’re in for a world of trouble, ranging from customer account and credit card data stolen, sites hijacked and held for ransom, malware and malicious code injection issues, and more.
Fortunately, there are many solutions available to business owners. These solutions include low-priced, high effort solutions as well as low-effort solutions outsourced to Dashboard. Let’s explore the issues first and then the potential solutions.
What Are WordPress Vulnerabilities?
Just like the software running on your computer that allows you to create documents, spreadsheets, and presentations, WordPress uses thousands of lines of computer code to display websites.
WordPress developers are only human. Often, despite their best efforts, their code can contain errors or “back doors” – something in the code that can be exploited by bad actors looking for a way into the site.
Think of your WordPress website like your home and the code like the materials used to construct your home. Your home may be a sturdy shelter that keeps you warm and dry, but if the wood used on the doors and windows is weak, or you have an all-glass front door that’s not shatterproof, that’s a vulnerability that a burglar can exploit. A single tap to the pane of glass may be all it takes to gain access to the door lock – and then to your house.
Some vulnerabilities in the code are like that single tap to the pane of glass. They enable criminals to enter through the back door. Cybercriminals may look to steal valuable data to resell on the dark web: customer names, addresses, social security numbers, credit card information, banking information. Or, they may seek to use your virtual “home” for their own nefarious purposes. In this case, they leave something behind: code. This code, called malware, often redirects visitors away from your site to a target website. Sometimes it also infects the browser of your site visitors, which in turn, infects their computers.
Close the WordPress Back Door: Update Plugins, Themes, and Cores
As these vulnerabilities become apparent, WordPress and companies developing themes and plugins for WordPress release patches. Patches fix whatever coding mistake, error, or loophole is found in the existing code.
When such patches are issued, a notice pops up in the administrator dashboard on a WordPress site prompting you to update the theme, plugin, or core.
The problem is that most business owners rarely log into their websites. Instead, they let weeks, months, or even years (!) elapse before checking the site – leaving vulnerabilities exposed.
Other issues beyond forgetting to update your site that can leave your site vulnerable include:
- Improper site setup, especially of e-commerce websites: We plan to share another article in the upcoming weeks especially for e-commerce site owners on just this topic. Setting up an e-commerce website requires more than adding a few plugins. If the site is not set up properly, many vulnerabilities may exist that give cybercriminals multiple points of entry to your site. This is where having a professional digital marketing agency build your e-commerce site helps prevent many problems later on.
- Too many plugins: Some experts believe sites shouldn’t run more than a dozen or so plugins. If your site is entirely based on plugins cobbled together to get the functionality you need, you’ve got a lot of possible vulnerabilities.
- Keeping unused plugins: Another vulnerable area are plugins that are deactivated but still in the site’s admin portal. Why keep them if you aren’t using them? Delete unused plugins if you are sure you aren’t using them or need them.
- Keeping unused themes: The same goes for keeping multiple themes in the background. You can easily re-add any WordPress theme you need. If you are sure you aren’t using a theme, delete it. Please be sure you aren’t using a theme, however. Some frameworks such as Genesis and Graphene are required to run other themes, so check with your webmaster or Dashboard before deleting things if you aren’t sure.
Other Elements of Website Maintenance: Call in the Professionals at Dashboard
Proper WordPress site maintenance is more than clicking “update” when prompted. It includes keeping abreast of vulnerability reports and checking on outdated plugins. For example, if plugins are not kept updated by the parent company, they age – and with age comes the opportunity for cybercriminals to tinker under the hood and test nefarious ways of infecting your site via the plugin.
The same goes for plugins added by developers in other countries. Some may be fine, but others may be questionable. This isn’t specific to any one country, but it can be an indication of a possible vulnerable area of your site.
Contact forms are notorious sources of infection. Email addresses are also potential entrees for cybercriminals if they can be easily scraped and used for phishing expeditions. Lastly, keeping the site free from possibly infected comments on blog posts or pages is also part of site maintenance.
Sounds like a lot? Feeling overwhelmed? Dashboard Interactive Marketing can help you build or fix aging websites that may be vulnerable to cyberattacks. Let us know how we can help you with your business or e-commerce website. Call 763-242-2454 for a free consultation to discuss your website needs.