WordPress is most definitely a favourite in the Content Management System (CMS) arena and WordPress plugins ensure that it has the most functionality that a website owner could want, including security. Unfortunately though, without proper maintenance, the system’s vast selection of plugins could also be its pitfall.

In real life, a virus has disrupted the world as we knew it; in the cyber world an increase in viruses has been experienced, that are exploiting this disruption. Since the start of lockdown the amount of malware on South African websites increased by more than 300%. Now more than ever companies and individuals have to reconsider cyber security and how they will be protecting their businesses, websites, data, devices etc. going forward.

Your website is a great place to start. With more than a third of the world’s websites running on WordPress, hackers are focusing a lot of their attention on this system. In recent years, attacks were aimed at exploiting flaws in vulnerable plugins as opposed to the WordPress platform itself. In order to avoid site hacks, SPAM, malware etc. make sure you make managing your plugins a top priority.

Managing WordPress plugins and security to reduce cyber threats

Limit the amount of plugins you install

The more plugins you have, the more developers you entrust with the security of your site and ultimately, the more maintenance you have to do to keep your website safe. When it comes to plugins, less is definitely more. Look for quality. Make sure every single plugin you install is essential to the overall success of your website and your visitors’ experience.

Only install reputable plugins & delete all unused plugins

There are tens of thousands of plugins available for WordPress. Choose reputable plugins that have been added to the WordPress.org directory or have been approved by the experts. As important as it is to install good quality plugins, it is also essential to get rid of the obsolete ones. Any installed plugin increases your site’s “attack surface”. If it doesn’t serve a purposeful function, delete it.

Run plugin updates ASAP

It is important to run plugin updates as soon as they become available. Multiple studies confirm that a high percentage of hacked WordPress sites weren’t updated at the time of the hack. Developers maintain their plugins and keep them current with good reason. Trusted plugin developers continuously strive to improve their plugin’s functionality and fix any security flaws or bugs that may occur. Cyber criminals know this. The moment an update is released they focus their attention on hijacking sites with the old versions installed before these patches can be applied.

Review WordPress website for any abandoned plugins

Occasionally, a developer creates a plugin but loses interest, or the needs from users’ changes. If a plugin hasn’t been updated in two or more years, don’t install it. It’s too risky. Alternatively, delete it if you currently have it installed. It may still display as being available and ready to install, but there are no current available updates for it. This essentially means it’s an abandoned plugin and as technology advances this plugin could become a vulnerability.

At Domains.co.za, we are serious about two things: getting our customers online and protecting them once they are live. We therefore offer a range of value-added solutions (Register Domain names, Web Hosting, SSL security) to achieve these two goals. But that’s just part of the story. We also recognise the value of time and that is why our solutions aim to save customers the hassle of performing certain tasks manually. For instance, our WordPress Hosting solution includes a Smart WordPress Update tool, which does all your plugin and other WordPress updates automatically.

Done with manual WordPress plugin updates? Sign up for our WordPress Hosting.

Additional Information

Login to Domains.co.za Account

1. Go to the Domains.co.za website Account Login page.

2. Enter your Email and Password.

3. Then click the “Sign In” button.

Access WordPress from your Domains.co.za Dashboard

4. On the right of the Dashboard under the “Manage Account” menu, click “Manage Services” on the drop-down menu and select your Hosting plan, our example uses Web Hosting.

5. Scroll down to the “Quick Manage” section (below “Product Information”) and click on the WordPress icon. If you haven’t yet installed WordPress, it will ask you to first do so.