The Benefits of Regular WordPress Site Maintenance
May 2nd, 2016
If you were using WordPress a decade ago, a visitor to your site could expect to see a blog roll and a main menu with very few other options. At most it probably had an “About Me” and “Contact Us” section, accompanied by a couple of topic-specific information pages.
Fast forward to today, and WordPress is no longer constrained to bloggers. It’s commonly used by people and organizations of all shapes and sizes. Boy, have times changed!
The vast array of additional features that the WordPress community has created and refined over the past 10 years has enabled WordPress to evolve into a robust, multi-purpose Content Management System (CMS).
Much of WordPress’ expansion can be attributed to its free and open source distribution. The CMS has attracted talent from all over the world and encouraged collaborative development of thousands of different plugins and themes. This WordPress community is always growing, always building, and always optimizing.
It’s no wonder that WordPress has flourished into the most commonly used CMS on the web, accounting for about 25% of all existing sites, according to a recent survey by W3Techs. In fact, nearly 60% of all active sites based on a CMS use WordPress.
Popularity also attracts the bad guys: Hackers
A WordPress user typically enjoys plenty of benefits. The software is free, the interface provides a well-polished user experience, and the core and most popular plugins are regularly maintained and updated by experts. This often results in significant development efficiencies when a new site is created using WordPress. Unfortunately, along with the exceptional functionality and flexibility that make WordPress so attractive, there’s a dark side that all users should be aware of.
New methods for hacking sites, distributing malware, and performing all sorts of mischief appear on the web constantly. Hackers flock to popular CMS software with the largest user bases (Hint-hint: WordPress) and try to scope out potential vulnerabilities at every corner. They know that many users do not regularly patch and update their software, which can leave the gates wide open for attacks.
Sound a bit daunting? It’s okay – there’s GOOD news to this too. Because the WordPress community is large and highly active, developers are generally very quick to identify the latest vulnerabilities and create updates. The vast majority of security holes and hack attacks can be thwarted by ensuring that all WordPress core and plugin updates are regularly applied.
But beware the risk you take on if a CMS is not updated in a timely fashion – you could leave your site exposed to a litany of threats.
“Oh I’m safe. I don’t know why anyone would want to attack me.”
This is one of the most common misconceptions associated with WordPress security and the importance of regular maintenance. Many WordPress users put maintenance on the back-burner because they have low traffic numbers or don’t think anyone would have reason to steal any data or files associated with the site. You may not have waves of enemies planning a direct attack on your site, but even so – if WordPress updates are ignored, you are a target for plenty of other malicious activities.
Most hackers don’t intend to steal anything from you, but instead hope to infect your site and use your hosting environment to send spam emails or attack other servers. Hackers often create bots to search for WordPress sites across the web and then scan for common vulnerabilities. Once a vulnerability is detected, the hacker can exploit it, take control of the server, and use it to do their nefarious bidding.
In many cases, the server is then used to distribute spam to massive email lists which can cause your IP address to be blacklisted and damage your site’s reputation. Other times, a successful hack may remain dormant for a long period of time, while the hacker infects other WordPress sites and slowly builds up an army of exploited servers – aka “botnets.”
The hacker may then flip a switch and use all the infected servers to perform a Distributed Denial of Service (DDoS) attack on another network. To gain a better understanding of hackers’ process and motivation for setting up botnets and orchestrating DDoS attacks, check out this two-minute video by Radware.
Keep WordPress updated and save yourself future hassles
The value of WordPress updates is not limited to maintaining good security practices. Core and especially plugin updates are often released by their authors to improve the overall performance of the site and add new, convenient features.
For example, sometimes a developer creates a handy plugin that’s well written from a security perspective. But over time, the developer may realize that parts of the code are excessive, and some tweaks could improve the load time. If your site utilizes this plugin, the upgrade will improve your website’s performance, help provide an optimal experience for your visitors, and keep the search engines happy.
As you would probably expect, updates are also extremely important because they minimize the likelihood of your WordPress site being hacked. If your WordPress site does fall prey to a hacker or bot, the clean-up process can be a time-intensive hassle. The site and server have to be carefully scanned by experienced developers for changed files and directories, malicious code injections, and logs of suspicious activities.
In some cases, a WordPress hack can take over administrator-level access and give an attacker the ability to upload complicated scripts and add or modify all existing files. There is NO quick fix to fully cleanse the site at this point. To ensure that no compromised files remain, this scenario typically requires recreating the entire server environment and reinstalling the WordPress CMS and all previously used plugins from the source.
Let WordPress experts handle maintenance for you
Media Genesis highly recommends keeping your WordPress site updated on a regular basis. It only takes one successful penetration by a hacker to make a user firmly regret not keeping the site up-to-date. If you have an existing WordPress site that is not receiving maintenance, there is no better time than the present to start taking measures to prevent your site from being compromised.
But be careful!
The most recent major releases of WordPress include buttons that allow you to automatically update the core and many plugins with just a couple clicks. That feature may seem easy and convenient, but if you start automatically applying updates whenever they are released, eventually you’ll break the site. Updates can come with considerable modifications to the core and plugins’ structure and may require additional site or server tweaks to keep the site functioning properly.
We have a lot of experience with WordPress and have procedures to ensure that proper backups of the site are taken. Updates are then carefully completed and verified to work properly without breaking other components of the site.
If you currently have a new WordPress-based site being developed, or if you already have a WordPress site that is not being updated, please feel free to reach out to us. We have a special annual plan for WordPress maintenance needs, and we’ll be happy to discuss this further with you.