WordPress is, mostly because it’s the world’s most popular CMS, very exposed to attacks. There are several ways to minimize the risk (this also applies to all other CMS).
Top-4 Security Tips for WordPress and Other CMS:
- Use secure passwords that are not used anywhere else (and preferably multifactor authentication)
- Keep your platform updated
- Have good backups available if everything goes wrong
- Make sure your website is protected by an effective firewall, built to protect web pages.
Updates of WordPress
This article is about paragraph 2 – updates. WordPress consists of several parts, most commonly the system itself – WordPress, its plugins and themes. All of these are updated regularly. How often this happens depends, among other things, on how many different plugins you have active.
Always disable and delete unused plugins and themes. It reduces the risk of attack.
Updates are released for several reasons, such as bug fixes, new functionality and security updates. The serious ones are the security updates – as soon as one is released, one can be sure that there are people trying to exploit the security hole. Often it is worse than that – the security update is released because the security hole has already been found and is being used.
Check plugins that are not updated for a long time – if they are abandoned then they can have security holes that are never corrected. Replace with plugins that are maintained.
How to update?
Of course, there are different opinions about this. Many want to test updates properly before driving them out sharply, but it also means that you are exposed to a risk while testing.
Because there will be updates almost every day, and because these often relate to security holes, which have not been known for some time before the security hole, it is for most people unacceptable to let these be open longer.
- Backups – Make sure you have a routine for automatic backups, every day, saved long enough for you to get away from your vacation, discover the problems, and understand that you need the backups. One week is not enough.
- Update your site automatically every day. Automatically is better than manual, as few companies have the resources to ensure that it takes place 365 days a year. At some point this will cause problems that you have to deal with (and you do have backups), but the problems you encounter when chopping are usually greater
- Make sure that the site is protected by an effective WAF – Web Application Firewall. If something goes wrong, this is an extra layer of protection that can sometimes protect even before the security hole is known.