This entry was posted in WordPress Security on June 23, 2015 by Tim
No one is immune to hacks. It doesn’t matter if you are a small business with 10 employees or a huge business with 10,000 employees. This was proven again this past Wednesday, when the Microsoft site digitalconstitution.com was found to contain numerous spam pages and links. The site, according to ZDNet, was running an older version of WordPress, which made it susceptible to the attack. This should also serve as a sobering reminder to all of us.
When was the last time you looked at the plugins you were using on your site? How about your themes? Do you really need all of them? Are there any just sitting there, not updated and disabled? Many of the exploits and hacks that happen today to WordPress sites are a direct result of outdated themes and plugins. If you are unlikely to ever use that really neat slider plugin that you never got around to playing with, then why do you still have it? How about those 10 different themes you uploaded when you were thinking about redesigning the site? Seriously, are you ever going to use them? If the answer to any of those questions is no, then get rid of them.
How about the plugins you do use? Is there any reason that you are still using an old, outdated, and unmaintained plugin that hasn’t been supported in years? Is the functionality so crucial that you are willing to risk your site’s security on it? Is it worth the time, the energy, lost business, and lost sleep that will inevitably come when your site is exploited and redirects everyone to an offshore pharmacy? With 38,461 plugins in the WordPress.org repository at the time of this entry, there are probably at least several that serve the same purpose but are updated and rated to work with the current version of WordPress.
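The audit described in the two paragraphs above, as an added example that is not part of the original post: it sorts the JSON produced by WP-CLI's `wp plugin list --format=json` and `wp theme list --format=json` into things to remove, update, or replace. The sample data and plugin names are constructed, the last-release dates are a hypothetical hand-collected input, and the two-year staleness threshold is an assumption.

```python
import json
from datetime import date

# Constructed sample in the shape of `wp plugin list --format=json`
# (fields name/status/update/version); the plugin names are made up.
SAMPLE_PLUGINS = """[
 {"name": "neat-slider",  "status": "inactive", "update": "available", "version": "1.2"},
 {"name": "contact-form", "status": "active",   "update": "available", "version": "3.0.1"},
 {"name": "old-gallery",  "status": "active",   "update": "none",      "version": "0.9"},
 {"name": "seo-helper",   "status": "active",   "update": "none",      "version": "2.4"}
]"""
# Same shape for `wp theme list --format=json`; "parent" marks the parent
# of the active child theme, which is in use and must not be deleted.
SAMPLE_THEMES = """[
 {"name": "shop-child", "status": "active",   "update": "none",      "version": "1.0"},
 {"name": "shop-base",  "status": "parent",   "update": "available", "version": "2.1"},
 {"name": "redesign-a", "status": "inactive", "update": "none",      "version": "1.0"}
]"""
# Hypothetical input: last release date per plugin, collected by hand
# from each plugin's WordPress.org page.
SAMPLE_LAST_RELEASE = {"old-gallery": "2011-03-02", "seo-helper": "2015-05-20"}

STALE_AFTER_DAYS = 2 * 365  # assumption: "years" without a release means two or more


def triage(list_json, last_release=None, today=None):
    """Sort WP-CLI list output into remove / update / replace buckets."""
    today = today or date.today()
    last_release = last_release or {}
    plan = {"remove": [], "update": [], "replace": []}
    for item in json.loads(list_json):
        name = item["name"]
        if item["status"] == "inactive":
            plan["remove"].append(name)   # deactivated files still sit on disk
            continue                      # no point updating what gets deleted
        if item.get("update") == "available":
            plan["update"].append(name)
        released = last_release.get(name)
        if released and (today - date.fromisoformat(released)).days > STALE_AFTER_DAYS:
            plan["replace"].append(name)  # in use but unmaintained
    return plan


if __name__ == "__main__":
    when = date(2015, 6, 23)
    print("plugins:", triage(SAMPLE_PLUGINS, SAMPLE_LAST_RELEASE, when))
    print("themes: ", triage(SAMPLE_THEMES, today=when))
```
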
Let’s also not forget about the core WordPress software. WordPress doesn’t release new versions just to release something. New releases contain security fixes, bug patches, and, yes, even some new functionality or improvements. If you are running an outdated version of WordPress, then you likely have holes in your website’s security.
Sure, it’s tempting to poke fun when the big guys get egg on their face. But learn from their mistakes. Maintain your website. Update your software, themes, and plugins. The difference between the big guys and you is this: They have a team that will fix their site for them if they get hacked. You have you, and if you’re lucky, a much smaller team. A little updating and maintenance now will prevent you from being the next statistic.