The Importance of Keeping WordPress Updated
WordPress is one of the most popular platforms on the web (it currently powers over 700 million websites). Part of its appeal is that it’s open-source and free! Sadly, there are a few disadvantages to this, as it means anyone can download a copy of the files and try to find a weakness in the system. Fortunately, the WordPress team do an excellent job of keeping on top of any potential security weaknesses that are discovered, and they often release an update to fix any issues before they’ve had a chance to be used for malicious purposes.
This does mean that it’s very important to keep your installation of WordPress up-to-date as well as any plugins your site may be using, so that the potential weaknesses that have already been found are also fixed.
Some people seem to have a false perception that they can pay someone to build them a website and then, once it’s built, that’s it: it’s done and no further action is required! Sadly, while this notion might work well for print, it doesn’t hold true for work carried out on the web. Websites need to be maintained and kept up-to-date to help with security, and a small benefit of this is that it might also help to improve your site’s SEO ranking!
We have some clients who choose not to update WordPress very regularly. Although their sites continue to function as normal and nothing appears to be out of place, they are placing their websites at much greater risk of eventually being hacked via one of the weaknesses that hasn’t been fixed on their WordPress installation. Hackers will always find a way of getting around things, but their job is made much harder by updating your software. This applies to everything: companies always concentrate on keeping the security of their newest or current products up to date, so when you aren’t updating, loopholes will appear and hackers will take advantage of this and exploit your laziness.
This is more important for WordPress as it is much easier to exploit laziness. On top of that, if your website goes down due to being hacked, it could result in your business losing important business and money while it’s being restored (your website is being backed up regularly, right?). WordPress are very good at keeping security problems to a minimum as long as your site is kept updated! The problem is people ignoring this message, from the casual inexperienced user to those who use WordPress all the time.
Once hackers discover a weakness in a website running WordPress, they can scan through and find loads of websites which are running the same version and hack them too!
The four most common types of attack affecting WordPress websites are backdoors, drive-by downloads, pharma hacks and malicious redirects.
A backdoor attack lets an attacker gain access to your environment via what you would consider to be abnormal methods — FTP, SFTP, WP-ADMIN, etc.
A drive-by download is the Web equivalent of a drive-by shooting. Technically, it is usually embedded on your website via some type of script injection, which could be associated with a link injection.
Pharma hack is one of the most prevalent infections around. It should not be confused with malware; it’s actually categorised as SPAM — “stupid pointless annoying messages.” If you’re found to be distributing SPAM, you run the risk of being flagged by Google.
A malicious redirect sends a user to a malicious website. In 2010, 42,926 new malicious domains were detected. In 2011, this number grew to 55,294.
For much more information and in-depth analysis of these attacks visit: wp.smashingmagazine.com/2012/10/09/four-malware-infections-wordpress/.
We use WordPress for a lot of our client sites and we now offer a back-up, monitoring and update service which will keep your site secure. This service starts from just £10 per month, so get in touch with us if you have a WordPress site you’d like secured.