A Little Background
As much as website managers and marketing professionals may hate to think about it, regular monitoring and maintenance tasks are vital to keeping sites secure (free of vulnerability risks) and functioning as expected (preventing known bugs). Over 80% of websites that are hacked are attributed to the fact that they were not being regularly updated. And these days, if your website doesn’t run on a CMS platform such as WordPress, it’s even more susceptible to attacks.
If your site does run on WordPress, you’re probably familiar with the occasional back-end dashboard messages encouraging you to update the platform’s version (WordPress core) as well as plugins and themes. Although it may be tempting to simply click on these action items, careful measures should be taken in order to prevent inadvertently causing your site to go down. Best practice calls for making a backup of your site, copying it over to a staging environment, manually performing each update one-by-one and testing your entire site after each… only to have to repeat these steps in order to apply the updates to your live site.
Thing is, you probably already have enough on your plate to have to also deal with going through these processes every time a new release is published.
In addition, sometimes a single plugin update may not be fully compatible with the current (or recently updated) version of the WordPress core. When that occurs, you usually have to roll back that particular plugin update, retest the site, wait for the next release and do this all over again. Or, if your site contains WooCommerce custom themes or a page builder, certain updates require even more attention. If you haven’t already experienced and corrected these types of issues yourself, the first time you do will not be fun. And neither will the second, or third, or… you get the point.
But Why Would Hackers Attack YOUR Particular Site?
The truth is that hackers tend to scan millions of websites using automated tools (called malbots) in search of sites running versions of WordPress core that are out of date or that have vulnerable plugins and themes. According to iThemes.com and WPScan.org, 52% of known WordPress security vulnerabilities are from plugins, 37% are from WordPress core and 11% are from themes.
WordPress is what’s called an open source platform, and it runs over 28% of all online sites. Because it is open source, there are an unlimited number of features that developers can add to the platform through plugins, and because it is widely used, it is also often the target of malware attacks. As a result, the WordPress team is forced to release critical/security-related patches to its core foundation/code whenever vulnerabilities have been detected and announced by well-intentioned developers as well as website security scanners. Plugin and theme authors must do the same whenever a vulnerability in their code is detected, and they also have to adjust to any major WordPress core changes. When these particular types of critical updates are ignored, website administrators are essentially allowing hackers to exploit these known vulnerabilities and break into their sites.
So What Should You Do?
While there are many things to keep in mind to help avoid WordPress security vulnerabilities, by signing up for a Support Plan with emagine (which can be tailored to your specific needs), you can rest assured that we will monitor and perform these time-consuming maintenance tasks on your behalf.
Recently, we have added a new artificial intelligence (AI) service to our set of support tools which facilitates update processes (depending on a site’s hosting environment). Whenever new updates are detected for your site, this cutting edge technology provides automated visual comparisons between your current live site and a virtual copy of it as it would appear after updates have been applied. It alerts us when potential issues are detected so that we can review and provide a fix, even when the issues are attributed to uncontrollable browser updates. As you can imagine, this AI tool saves time and helps eliminate issues that may otherwise be missed by the human efforts.
Ariel Sanchez is the Client Success Strategist at emagine.