WordPress simple to use, not so simple to protect


Most people who have a website nowadays will have a CMS system in place which is an acronym for Content Management System allowing website owners to simply and easily update and add to their site, WordPress is the most commonly used CMS system this site been a example!

Before CMS systems were common place people got a website built and it pretty much stayed static with “changes” requiring a developer to get involved and often at a cost or perhaps 2 changes per year were allowed.

So while the move to CMS systems has made websites more dynamic and easy to add to or change the developer is very often forgotten after the initial design, that is if a developer has even been involved with many people simply installing WordPress and selecting a theme and proceeding to make the site live.

Sounds nice and simple right? Yup it is, however there is a “BUT”,

But what about keeping the site secure? Most CMS systems require regular upgrading as vulnerabilities are discovered, this is especially true for WordPress, if your site isn’t upgraded you risk the site been hacked which can result in malware infection, defacement, loss of data or having your site used to send spam email.

So who is responsible for keeping your site updated? You! Yes that is correct the website owner is responsible.

But a developer installed my site I know nothing about it? Well then you need to get your developer to keep the site updated or your hosting company if they provide that feature.

But that costs money! ? Yep, sadly someone has to do it and if it’s not you then you need to pay someone.

What if I just hit the Upgrade button in the admin section of my site? That’s certainly a good start but are you sure your theme etc are compatible with the latest version?

Ok I hit upgrade I’m on the latest version and my site looks fine am I done? Nope, you also need to keep the plugins updated along with the themes.

Ok I’ve updated all my plugins and themes now am I done? For now yes but you need to do it on a regular basis.

How often do WordPress release versions? It varies but can be anywhere from once a month to once a quarter.

I have loads of plugins some of which haven’t had any updates in a long time? Well then you need to consider is the plugin safe to continue using, it can be hard to know if a plugin is secure but a good rule is if it hasn’t been updated in over a 6 months its time to consider if you really need it or if an alternative is available, remember to delete any plugins that aren’t in use.

So updated WordPress and plugins and themes and removed old plugins am I done? Almost, you need a password policy, i.e. complex passwords that are changed on a regular basis and you might want to consider disabling (not deleting) the admin user and creating a custom username. Also remember to keep different passwords for different accounts, i.e. your email account password should not be used for any other accounts

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *