The Easiest Layer to Website Security
September 21, 2016How We Protect Your Website
October 5, 2016A recent report done by a security firm named Sucuri discovered that out of the 11,000 + infected websites analyzed, 75% of them were on the WordPress platform and over 50% of those websites were out of date (read full report). The core files for WordPress are actually quite secure. It’s the files that extend the functionality of WordPress, namely plugins and themes, that are the weak link.
Term | Definition |
---|---|
Theme | A WordPress theme is like the clothes your website wears. Just like clothes, you can easily change the way your website looks simply by switching themes. |
Plugin | Plugins can easily be installed to add special functionality to WordPress that doesn’t come out of the box. |
Both plugins and themes are purchased or available for free from third-party developers. While one would expect these developers to take security seriously, not all developers have the expertise to create secure code and many don’t have the time to update their plugins or themes regularly. Furthermore, most plugins and themes are not regulated by any governing body which means anybody can create a theme or plugin for public distribution.
Before you get panicky, here are a few way to protect your website from security vulnerabilities within third-party themes and plugins.
- Always check reviews for themes and plugins and read them as thoroughly as possible.
- Before downloading a plugin, be sure you can’t achieve the same functionality with code written directly into the child theme.
- Check version history to see how often the author of the plugin or file has pushed out updates and if there were any major security breaches they resolved with those updates.
- Do research on the theme or plugin using a search engine. We like to put in the name of the theme or plugin plus the words “security breach” or “security issues” to see if anything pops up.
- If you have coding experience, take a look through the code and see if anything catches your eye as suspicious.
- If you install a plugin or theme and it significantly slows down your website, that might be an indicator that the plugin or theme is poorly written.
There are many more tips we could give, but we don’t want to bore you. Instead, we want you to know the number one thing you can do to protect your website is to keep third-party files and WordPress core files up-to-date. While most of the time these updates are making the WordPress engine, theme or plugin a better user experience, sometimes, they patch security vulnerabilities. It’s also important to note that if a plugin or theme has not been updated by the developer in a few years, it’s time to move on to another theme or plugin.
Many website owners are simply not interested in keeping their WordPress core, plugin and theme files up-to-date. They fear something might go wrong and their website may not work properly or they don’t have time to mess with something so technical. We get that and that is why we have managed WordPress hosting. We do regular backups and updates to your files as part of our hosting solution. We can also take a look at your theme and plugins and make some security recommendations. Don’t let the dust settle on your website making it vulnerable to attack. Let us do the work for you.
Need managed wordpress hosting? Read more about our services.
Really interested in this topic? Read ‘Website Hacked Trend Report 2016 – Q1’ by Sucuri