A few years back, the world’s WordPress users found themselves vulnerable to attacks from hackers who would gain entry to their sites by pounding them with ongoing login requests that randomly generated usernames and passwords until entry was gained. Known as a brute force attack, this is a common way to break into WordPress sites. Web hosting companies responded by altering the login process so as to force secondary login using some sort of security feature.
Since then, hackers have continued to target WordPress, being that it is the most widely used content management system online. WordPress users should make every attempt to keep their sites as secure as possible. Believe it or not, completing regular site updates is one of the most effective ways to prevent security breaches.
Always on the Lookout
Organizations like WordPress are always on the lookout for new attacks. They work around the clock to identify potential problems before these become issues. Furthermore, as soon as a potential breach is detected it is dealt with, at least in most cases. Affected users need only apply updates and patches to close security holes.
The reason so many WordPress sites are at risk is the failure of site owners to do regular updates. A breach that affected more than 15,000 sites earlier in 2016 is a good case in point. According to Beta News, the compromised websites were vulnerable to an open back door that allowed hackers to upload malware and other malicious payloads that they could then use indiscriminately. It turns out that more than half of the affected sites were compromised because the WordPress platform had not been properly updated.
Two Kinds of Updates
There are two kinds of updates that WordPress site owners need to be concerned about. These are:
- Platform Updates – Platform updates are updates to the WordPress CMS itself. These are the most important inasmuch as WordPress developers use them to address security concerns. As an added incentive, making sure platform updates are maintained ensures a WordPress website always offers the latest functionality.
- Themes and Plugins – Updates to themes and plugins are not necessarily as critical, but they should be approached with the same commitment to keeping things current. Hackers can take advantage of any weaknesses they find in themes and plugins, and they do from time to time.
As a WordPress site owner, are you aware that you can set up your site to automatically apply platform updates whenever these become available? You can. Just go into the Softaculous section of your site’s control panel (usually cPanel), click on the WordPress installation you are interested in, and then check the box to force automatic updates. You might just as well check automatic backups too.
Most themes and plugins do not offer automatic updates. So WordPress users should be logging into their administrative panels at least once per week to see if updates are due. Any that are due should be applied immediately.