Using WordPress for your dental website? Beware of hackers!

Why you need to stay on top of WordPress security updates

WordPress is very popular for building cheap websites but also notoriously prone to security problems and hacking exploits; particularly so if you don’t spend a lot of time staying abreast of all of the security updates needed to try to keep it secure.

The fundamental problems are exacerbated because of all the third party “plugins” which can be used to extend the functionality of WordPress.

Most are free to use but come with varying degrees of robustness and support – so a plugin that works and is secure when your site is built, may not be secure when the developer abandons it 6 months down the track.

Given all of the maintenance and security issues, WordPress is now not our main tool of choice for business critical dental website applications; instead we prefer an alternative content management system which is considerably more secure and frankly easier for clients to use. However, we do still use WordPress for blogging where we can “lock it down” and ensure that it stays as secure as possible, minimising the use of vulnerable plugins and with no reliance on third-party scripts to make it work. Even so, we still invest a lot of time in keeping these streamlined blogging platforms updated and secure.

**STOP PRESS** – this blog was written just before a huge WordPress hack which happened in early February and which affected hundreds of thousands of websites. A couple of dental design companies were hit particularly hard with dozens of their client sites being defaced. Some are still down now, nearly two weeks later, demonstrating just how pertinent the advice in this blog actually is.

Why is WordPress popular?

Given the plethora of security problems and tiring updates, you have to wonder why WordPress is popular? The fact is that there are lots of resources available for WordPress which make it very cost-effective for developers. These are typically what we call “templates” which can be acquired for very little money; £30 or £40 and some even free.

The developers then add business specific images and text to the pre-built template and sell it on to their clients, often for thousands of pounds. More often than not, the client is led to believe that it’s a bespoke design when in fact it’s available for all to use for just a few pounds. This type of activity is rife in the dental web design community where some designers actually claim that the designs are bespoke and yet it’s easy to see that there is a commercial template underpinning it.

Failure to update – the consequences

Whilst doing some research earlier this week I stumbled across a couple of a competitor’s client websites which were built on WordPress. More detailed inspection showed that they hadn’t been updated for over a year and consequently were well out-of-date and potentially insecure. A hacker with the right level of knowledge would be able to break in and deface the site or worse. This led me on to track more of the same company’s websites and the large majority hadn’t been updated. This seemed particularly odd as, not only is it fairly reckless to run an outdated WordPress site, but the supplier concerned also insists on a monthly maintenance fee from their clients; so one might expect these fundamentals to be taken care of?

I suspect what was happening in these cases is that the WordPress sites were built on purchased templates which had subsequently become incompatible with the underlying “code” as the main WordPress system progressively updated. Rather than risk breaking the website, the dental marketing company are sitting back and hoping that the sites don’t get hacked. Not a good scenario, particularly as the dentists probably don’t even realise that they are at risk.

What can you do if you run WordPress?

The first thing to realise is that there are alternatives and that many disciplined website developers won’t even go near WordPress in favour of more robust alternatives. However, you may already be invested in the system and need to keep it going for a while yet. So here’s what to do:

  • check with your designer that your website is really a bespoke build and not a template which may become incompatible down the track
  • check that the site uses a “child” theme which will help to make sure it doesn’t break when the core WordPress system updates
  • ensure that your designer is actually updating your website and plugins, particularly if you’re paying a maintenance contract – you can check this in the WordPress admin area
  • make sure your designer keeps a nightly back-up. Even an updated website can still be hacked
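
For anyone with file access to the site (FTP, SSH or a downloaded backup), the child-theme and update checks above can also be done from the files themselves. The script below is an added example, not part of the original post: it reads the core version from `wp-includes/version.php`, looks for the `Template:` header that marks a child theme, and lists plugins whose main file has not changed for over a year. The theme directory name is assumed to be known, and the sample site is constructed for the demonstration.

```python
import os, re, tempfile, time
from pathlib import Path

def header(path, field):
    """Return a 'Field: value' entry from a WordPress file header, or None."""
    head = Path(path).read_text(errors="replace")[:8192]
    m = re.search(rf"^[ \t/*#@]*{re.escape(field)}:(.*)$", head, re.M | re.I)
    return (m.group(1).strip(" \t*/\r") or None) if m else None

def core_version(root):
    """Core release as recorded in wp-includes/version.php."""
    text = (Path(root) / "wp-includes/version.php").read_text(errors="replace")
    m = re.search(r"\$wp_version\s*=\s*'([^']+)'", text)
    return m.group(1) if m else None

def audit(root, theme, max_age_days=365, now=None):
    """theme = directory name of the active theme (assumed known; it is stored in the database)."""
    root, now = Path(root), now or time.time()
    style = root / "wp-content/themes" / theme / "style.css"
    report = {"core": core_version(root),
              "parent_theme": header(style, "Template"),  # None => not a child theme
              "stale_plugins": []}
    for main in sorted((root / "wp-content/plugins").glob("*/*.php")):
        if header(main, "Plugin Name") is None:
            continue  # helper file, not the plugin's main file
        age = int((now - main.stat().st_mtime) // 86400)  # days since the file last changed
        if age > max_age_days:
            report["stale_plugins"].append((main.parent.name, header(main, "Version"), age))
    return report

# Constructed sample tree (relative path, contents, age in days); not a real site.
SAMPLE = [
    ("wp-includes/version.php", "<?php\n$wp_version = '5.2.1';\n", 400),
    ("wp-content/themes/bought-template/style.css", "/*\nTheme Name: Bought Template\n*/\n", 400),
    ("wp-content/themes/practice-child/style.css", "/*\nTemplate: bought-template\n*/\n", 30),
    ("wp-content/plugins/gallery/gallery.php", "<?php\n/*\nPlugin Name: Gallery\nVersion: 1.2\n*/\n", 400),
    ("wp-content/plugins/forms/forms.php", "<?php\n/*\nPlugin Name: Forms\nVersion: 3.0.4\n*/\n", 10),
]

def demo():
    """Build the sample in a temp directory and audit it with each theme as 'active'."""
    now = 1_700_000_000  # fixed clock so the ages are reproducible
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body, age_days in SAMPLE:
            path = Path(tmp) / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body)
            os.utime(path, (now - age_days * 86400,) * 2)
        return audit(tmp, "practice-child", now=now), audit(tmp, "bought-template", now=now)
```

File modification time is only a proxy for "last updated": restoring a backup or redeploying the site resets it, so treat the result as a prompt to check the Updates screen in the admin area rather than as proof either way.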

Summary

If you run a dental WordPress website, you need to pay attention to security to lower the risk of hacking. WordPress is popular, but popular doesn’t always mean good, as the recent hacks demonstrate! So diligence is essential to keep your website safe. You may think your site is being updated and cared for by your designer if you have a monthly maintenance contract with them, but this isn’t always the case for the reasons noted above. Various incompatibilities may mean that your site can’t be updated even where you believe it is being done. So ask the right questions to make sure.

When it comes to update time, remember that there are a variety of content management systems available as an alternative to WordPress, several of them more robust and easier to use. If you need help to audit your site and don’t know where to begin, please call the Dental Media web team and we’ll be pleased to take a look under the bonnet for you free of charge. Also if you were hacked recently and are worried about it happening again, then please get in touch. You can reach us on 01332 672548.