Everyone wants to keep their WordPress install secure, and judging by the number of posts about WordPress security, you’d think that it’s quite an advanced topic.
The fact of the matter is that it’s not: out of the box, WordPress is extremely secure. It’s bad practices from there that start to make WordPress insecure.
In fact, most security issues can be solved with a single word: updates.
The WordPress core development team is a large, decentralised group of dedicated volunteers, so on the odd occasion that a security issue with WordPress comes up, it’s not long before a hotfix is written. Sometimes it might take a few days for a maintenance release to be issued, but you can get these hotfixes applied immediately by installing the Hotfix plugin.
That’s WordPress taken care of. Next: plugins. To make extending WordPress extremely easy, plugins are an open system that allows anyone to write and publish code that can be installed on your site with great ease. While that is one of the greatest contributors to WordPress’ success, it also means that “bad code” can find its way on to your site quite easily.
Even if a plugin is written by a respected developer who codes well, they may use libraries which may have vulnerabilities. Each plugin that uses that library then needs to be updated by its developer.
This reminds me of the TimThumb exploit about 2 years ago: TimThumb is a script which is used in thousands of plugins and themes.
In these situations, hackers know the vulnerability and know what to look for, so if your plugin or theme isn’t updated relatively soon, it’s only a matter of time before that loophole is exploited on your site.
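The bundled-library situation described above can be inventoried on your own site. The following Python script is an added example, not part of the original post: it walks a wp-content directory and reports which plugins and themes ship their own copy of a shared library file, grouped by content hash, so you can see that each copy needs its own update. The plugin and theme names, the sample tree and the default filename timthumb.php are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

def owner_of(path, content_root):
    """Return 'plugins/<slug>' or 'themes/<slug>' for a file under wp-content, else None."""
    parts = os.path.relpath(path, content_root).split(os.sep)
    if len(parts) > 2 and parts[0] in ("plugins", "themes"):
        return parts[0] + "/" + parts[1]
    return None

def find_bundled_copies(content_root, library_names=("timthumb.php",)):
    """Map each library filename to {sha256: sorted owners shipping that exact copy}."""
    wanted = {n.lower() for n in library_names}
    found = defaultdict(lambda: defaultdict(set))
    for dirpath, _dirs, files in os.walk(content_root):
        for name in files:
            if name.lower() not in wanted:
                continue
            full = os.path.join(dirpath, name)
            owner = owner_of(full, content_root)
            if owner is None:
                continue  # not inside a plugin or theme directory
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            found[name.lower()][digest].add(owner)
    return {lib: {d: sorted(o) for d, o in by_hash.items()} for lib, by_hash in found.items()}

def build_sample_tree(root):
    """Constructed sample layout (hypothetical plugin and theme names)."""
    samples = {
        "plugins/gallery-a/lib/timthumb.php": b"<?php // constructed sample: copy one\n",
        "plugins/slider-b/timthumb.php": b"<?php // constructed sample: copy one\n",
        "themes/magazine-c/scripts/timthumb.php": b"<?php // constructed sample: copy two\n",
        "plugins/gallery-a/gallery.php": b"<?php // constructed sample: plugin main file\n",
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for lib, by_hash in find_bundled_copies(root).items():
            print(f"{lib}: {len(by_hash)} distinct copies")
            for digest, owners in sorted(by_hash.items()):
                print(f"  {digest[:12]}  {', '.join(owners)}")
```

More than one hash for the same filename means the copies have drifted apart, so updating one plugin or theme leaves the others on whatever version they bundled.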
The reason that we see so many hacked WordPress sites is largely attributable to site owners not keeping everything updated, despite it being a relatively simple process.
The fact is, it can be a daunting process if you don’t feel comfortable with what’s going on. And it can be easily forgotten about if it’s not on your radar.
Updates are a vital maintenance activity for your site. If you want to make your site more secure, start by hitting that “Update” button more often.
If you’re too busy to think about updates, or the idea of doing so paralyses you with fear, you can always add updates to your custom maintenance plan here at The WP Butler.