All it takes is one security mistake on your WordPress site for disaster to strike. Yet users continue to make this single most common security mistake — even though it’s easy to avoid.
To avoid this mistake, you need only do one thing. Don’t ignore your WordPress Updates. It’s that easy. Go directly to updates. Do not pass Go. Do not collect $200. Or it will be game over.
Even the big guys are vulnerable. Microsoft had one of their sites hacked because the WordPress site in question was running an older version of WordPress. The attackers altered the content to promote online casinos, adding links and injecting new pages that embedded content from other gambling websites. Supposedly it was a scammer and not a group of “professional” hackers, demonstrating how easy it is for someone to attack your site on the basis of outdated software.
Why Ignoring WordPress Updates Is Like Driving In The Wrong Lane
When you ignore your WordPress updates, you are eventually going to run into trouble. Sooner or later, that oncoming vehicle is going to show up in your headlights. It’s best to stay out of the way of potential trouble and keep your WordPress site updated.
Here are a few things that can go wrong:
- Your site can be infected with malware. This malware will then infect any visitors to your site.
- If you have a membership-only site with people who are paying to get content, they will also get their computers infected.
- Visitors to your site can be redirected to an offensive spam site, leaving them to forever associate you with this unhappy experience.
- Your email list can be stolen and all your subscribers sent spam, and other hackers may purchase your list and spam them as well.
- Your search engine ranking can fall when Google determines your site to be infected with malware. Recovering from a blacklisting takes time and effort.
- All your hard work goes down the drain with one bad slip-up when your reputation is damaged.
Get Your Updates – They’re Free!
Every day there are developers out there discovering new bugs and security loopholes in existing software. There are graduate students assigned to the task of hacking into various accounts to test the site’s viability (and the student’s prowess).
When the vulnerability is serious, the developer will issue a release for an immediate update. When this happens, it means update now before the hackers find out and attempt to take advantage of your website’s security loophole.
So instead of ignoring your theme and plugin updates, get them as soon as they come out, and get them regularly. Like a reliable vaccine to a new epidemic, don’t wait around to see how things pan out before you get inoculated. Act proactively before your WordPress website gets infected.
Remember, even deactivated themes and plugins are vulnerable to attack. If you’re not using them, it’s best to delete them.
The Best Remedy For Your Update-itis
You know you have update-itis if you’re constantly avoiding or forgetting to update your WordPress site. It’s okay, you can admit it. It’s not contagious (I hope), but it is risky business.
The number one thing to do is come up with a back-up method as your safety net. By backing up your site before you do any updates, you’re covering your keister in the event that something goes wrong. This is a good precautionary measure because sometimes plugins or themes can have wonky
There are a few things that will make updates even easier:
- Automatic Background Updates is a recent feature that came out with WordPress 3.7. Please tell me you have updated to 3.7. If not, do that first. Then you can rest easy knowing you automatically have background updates happening for maintenance and security to your WordPress site. Whew.
- The WordPress security team is working to give you more automatic security updates for plugins. Once you have WordPress 3.7, these updates will be supported as they are offered. The automatic security updates for plugins will be voluntary for the end user, unless the WordPress security team deems it “an issue severe enough to warrant” a required opt-in.
- Set up Google Webmaster Tools to alert you if Google finds malware on your website in the event all your updating has failed you somehow.
- Install the WordFence plugin and get email alerts when your installed plugins need updating.
- WordPress makes it very easy to keep your website up to date. Just be sure to make a current and complete backup of your database and your files before you do any updating, or have it done automatically each week.
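The background updates in the list above only run when the core version supports them and nothing in the configuration switches them off. The check below is an added example, not code from WordPress or from this article; it assumes the standard wp-includes/version.php layout, a wp-config.php in the site root, and the constants AUTOMATIC_UPDATER_DISABLED, WP_AUTO_UPDATE_CORE and DISALLOW_FILE_MODS written as bare true/false, and it runs against a constructed sample tree.

```python
import re
import tempfile
from pathlib import Path

MIN_AUTO_UPDATE = (3, 7)  # release the article names for background updates
# wp-config.php constants (and the bare value) that switch the updater off
DISABLING = {
    "AUTOMATIC_UPDATER_DISABLED": "true",
    "WP_AUTO_UPDATE_CORE": "false",
    "DISALLOW_FILE_MODS": "true",
}
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]""", re.M)
DEFINE_RE = re.compile(r"""^\s*define\s*\(\s*['"](\w+)['"]\s*,\s*(\w+)\s*\)""", re.M)

def parse_version(text):
    """Return $wp_version as a tuple of ints, or None if it is not found."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(n) for n in re.findall(r"\d+", m.group(1).split("-")[0]))

def audit(wp_root):
    """List the reasons this install will not receive background updates."""
    root, findings = Path(wp_root), []
    version_file = root / "wp-includes" / "version.php"
    version = parse_version(version_file.read_text()) if version_file.exists() else None
    if version is None:
        findings.append("cannot read $wp_version")
    elif version[:2] < MIN_AUTO_UPDATE:
        findings.append("core %s predates background updates" % ".".join(map(str, version)))
    config = root / "wp-config.php"  # assumption: config sits in the site root
    if config.exists():
        # Lines starting with // are skipped because the pattern is anchored at line start
        for name, value in DEFINE_RE.findall(config.read_text()):
            if DISABLING.get(name) == value.lower():
                findings.append("%s is set to %s, updater disabled" % (name, value))
    return findings

def make_sample(root, version, config_lines):
    """Write a constructed, minimal WordPress tree for the demo."""
    includes = Path(root) / "wp-includes"
    includes.mkdir(parents=True)
    (includes / "version.php").write_text("<?php\n$wp_version = '%s';\n" % version)
    (Path(root) / "wp-config.php").write_text("<?php\n" + "\n".join(config_lines) + "\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample(tmp + "/old", "3.6.1", ["define('AUTOMATIC_UPDATER_DISABLED', true);"])
        print(audit(tmp + "/old"))
```

An empty list means the install is new enough and none of the three constants disables the updater; it does not confirm that the site's cron or file permissions let an update complete.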
There are many ways to back up your website, but two of the easiest ways are:
- Create a backup from your web hosting cPanel.
- Use a backup plug-in that you can install in your WordPress dashboard that will automatically back up your site at set intervals.
Don’t let update-itis cause your website to suffer. Stay updated and stay safe!