WordPress, being a dynamic CMS (Content Management System), which has login capabilities can be vulnerable to being hacked. There are a number of methods and motivations for hackers, sometimes it could be just for fun or to plant some redirecting software to a dodgy website on your site. Either way the results are undesirable and are to be avoided at all costs.
Sadly – WordPress hacking is becoming more and more common.
The good news is that you don’t need to be an expert counter hacker to prevent your site being attacked. the good folks at wordpress.org take care of that for us. All we have to do is keep the WordPress and associated software up to date.
There are 3 areas of software that need updating:
1. Plugins – almost all WordPress sites use external extensions called plugins for extra functionality. The authors of these plugins keep their software updated to protect it from vulnerabilities. Plugins are updated via the WordPress admin area. Most WordPress sites will be using between 3 and 20 plugins, a site with more plugins will likely have plugin updates available every few days. Weekly updates are recommended.
2. WordPress – Every few months WordPress itself releases a new version. Minor version upgrades are done automatically and you just receive an email saying that your site has upgraded. More major version changes that may have the potential to affect functionality require manual execution via the WordPress admin area. It is prudent to take a full backup of the site before executing a major WordPress version update, just in case anything goes wrong.
3. Theme – Your site will be running a WordPress theme which determines a large part of how your site looks and works. Occasionally a software update will be incompatible with some existing code in the theme. Good theme authors keep their themes updated to be compatible with each WordPress release, it is therefore sometimes necessary to update your theme at the same time as a WordPress version (or a major plugin update – such as Woocommerce). Updating the theme is the most risky for preserving the elements of the site and a full backup should definitely be done first.
So what updates can you do yourself and what should your developer do?
Well it can be a grey area but many plugin updates should be fairly safe to do yourself when you login. But some larger plugins might pay to have a developer do as they could require integration with other software.
As a rough rule of thumb – updates you should leave to the developer include:
- Plugins – Woocommerce and anything associated with it (or similiar ecommerce software). Or any theme specific plugins that are included in the theme.
- WordPress major version releases, ones that require manual activation.
- The theme.
Contact us to find out about regular maintenance packages to protect your site.