WordPress – Maintenance and Security Issues

Diligent and regular maintenance to keep WordPress secure

I’ve blogged before about the pros and cons of WordPress.

I love it as a blogging platform but I’m not keen on it as a content management system for updating websites. For me, it does an excellent job for straightforward blogging but is arguably quite clunky for average users who want to update their web pages easily and intuitively.

However, everyone has their own preferred CMS and it’s fair to say that WordPress is very popular, both for blogging and for those who are content to overcome the learning curve and use it for managing websites. Likely as a direct result of its popularity, WordPress receives a disproportionately large amount of attention from hackers who seek to exploit vulnerabilities in the underlying code and the “plugins” which developers add to extend the functionality of the main platform.

As a result of this unwanted attention, unfortunately WordPress has been compromised quite regularly, resulting in defaced websites and consequent grief for the website owner.

Earlier this month, a huge security flaw in WordPress was published which resulted in many hacked sites as website owners struggled to get their sites patched in time. So why are hackers so keen on WordPress and how do they get in?

How do hackers attack WordPress?

Like all content management systems, WordPress consists of many PHP files (web “code”) and a complex database which sits behind it. Hackers constantly look for ways to exploit these files and the database so that they can take over the website for nefarious purposes. Whilst the code developers do all they can to prevent these types of unwanted intrusions, flaws can occur which leave a way in. Elite hackers are very clever people and they know exactly where to look to try to identify weaknesses – and sometimes they succeed. Of course it’s not just WordPress which is vulnerable to this; other CMSs are too. However, WordPress does receive a huge amount of malicious attention and tends to be near the top of the list when it comes to hacking exploits.

I also mentioned “plugins” earlier in the post. These are small add-ons which plug in to WordPress to add specific types of functionality, for example linking to social media accounts, analytics, SEO and much more. Whilst some of these are well-maintained, others are very definitely “home spun” and potentially risky. If you do not update your plugins as well as the main WordPress core files, then prepare for problems. Another potential problem arises when a plugin developer decides to stop providing updates or begins charging for them – all things to consider when it comes to using WordPress.

How can you protect yourself?

There is only one way to protect your dental WordPress blog and website and that is to ensure that you update regularly. More recent versions of the platform now actually carry out small updates automatically, which is a useful feature; however, larger-scale updates have to be initiated from the administration section or performed manually. Automatic updating works reasonably well but can fail on occasion, necessitating the intervention of your web team.

How often do WordPress updates happen?

Unfortunately, very frequently. Here is the official WordPress update schedule from the last few years:

https://wordpress.org/news/category/releases/

Add to this the large number of plugin updates and you will see the level of commitment involved.
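One way to see what is waiting to be updated, as an added example that is not part of the original post: a small shell script that reads WP-CLI's CSV output and lists plugins with updates available plus any core release offered as a major update. It assumes WP-CLI (`wp`) is installed for live use and that its CSV fields are unquoted; the sample data, plugin names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report pending WordPress updates from WP-CLI CSV output.
# Live use (assumes WP-CLI is installed and run from the site directory):
#   wp plugin list --fields=name,status,update,version --format=csv | pending_plugins
#   wp core check-update --fields=version,update_type --format=csv | manual_core_updates

# Constructed sample of the plugin listing; plugin names are hypothetical.
SAMPLE_PLUGINS='name,status,update,version
example-forms,active,available,5.8
example-seo,active,none,2.1
example-social,inactive,available,1.7.2'

# Constructed sample of the core update check.
SAMPLE_CORE='version,update_type
6.4.3,minor
6.5,major'

# Print "name version status" for each plugin with an update waiting.
# Inactive plugins are included: their files are still on the server.
pending_plugins() {
    awk -F, 'NR > 1 && $3 == "available" { print $1, $4, $2 }'
}

# Print core versions offered as major updates, i.e. the larger-scale
# updates the post says must be started by hand.
manual_core_updates() {
    awk -F, 'NR > 1 && $2 == "major" { print $1 }'
}

# Print a report; return 1 when anything is pending so a scheduled job can alert.
audit() {
    plugins=$(printf '%s\n' "$1" | pending_plugins)
    core=$(printf '%s\n' "$2" | manual_core_updates)
    if [ -n "$plugins" ]; then
        printf 'Plugins needing update:\n%s\n' "$plugins"
    fi
    if [ -n "$core" ]; then
        printf 'Core updates to start manually: %s\n' "$core"
    fi
    [ -z "$plugins$core" ]
}

audit "$SAMPLE_PLUGINS" "$SAMPLE_CORE" || echo "Updates pending"
```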

Summary

Without doubt, WordPress is a popular website and blogging platform and as such, unfortunately receives a lot of attention from the hacking fraternity.

Love or hate it, what is certain is that if you do use WordPress, you need to spend time to keep your WordPress system secure by diligently applying core file and plugin updates as they become available.

Whilst WordPress has made updating a little easier with its new automated system, it’s still very important to check that all has worked successfully and that your website or blog is still functioning as you expect.

If you would like help with auditing your dental WordPress website or blog, please get in touch on 01332 672548 and we’ll be pleased to assist.