WordPress Plugins and the Security of your Website - asking to get hacked?
WordPress is most definitely a favourite in the Content Management System (CMS) arena. It's free, it's flexible and the number of plugins available is unbelievable. Unfortunately though, without proper maintenance, the system's vast selection of plugins could also be its pitfall.
In real life, a virus has disrupted the world as we knew it; in the cyber world, there has been an increase in viruses that exploit this disruption. Since the start of lockdown, the amount of malware on South African websites has increased by more than 300%. Now more than ever, companies and individuals have to reconsider cyber security and how they will protect their businesses, websites, data, devices etc. going forward.
Your website is a great place to start. With more than a third of the world's websites running on WordPress, hackers are focusing a lot of their attention on this system. In recent years, attacks were aimed at exploiting flaws in vulnerable plugins as opposed to the WordPress platform itself. To avoid site hacks, spam, malware etc., make managing your plugins a top priority.
How to manage your WordPress plugins to reduce cyber threats
Limit the number of plugins you install
The more plugins you have, the more developers you entrust with the security of your site and ultimately, the more maintenance you have to do to keep your website safe. When it comes to plugins, less is definitely more. Look for quality. Make sure every single plugin you install is essential to the overall success of your website and your visitors' experience.
Only install reputable plugins & delete all unused plugins
There are tens of thousands of plugins available for WordPress. Choose reputable plugins that have been added to the WordPress.org directory or have been approved by the experts. As important as it is to install good quality plugins, it is also essential to get rid of the obsolete ones. Any installed plugin increases your site's “attack surface”. If it doesn't serve a purposeful function, delete it.
Run plugin updates ASAP
It is important to run plugin updates as soon as they become available. Multiple studies confirm that a high percentage of hacked WordPress sites weren't updated at the time of the hack. Developers maintain their plugins and keep them current with good reason. Trusted plugin developers continuously strive to improve their plugins' functionality and fix any security flaws or bugs that may occur. Cyber criminals know this. The moment an update is released, they focus their attention on hijacking sites that still have the old versions installed, before these patches can be applied.
Review WordPress for any abandoned plugins
Occasionally, a developer creates a plugin but loses interest, or users' needs change. If a plugin hasn't been updated in two or more years, don't install it. It's too risky. If you currently have it installed, delete it. It may still display as being available and ready to install, but there are no current updates available for it. This essentially means it's an abandoned plugin, and as technology advances this plugin could become a vulnerability.
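The four checks above can be run as one repeatable audit. The Python below is an added example, not code from Domains.co.za or WordPress: it assumes the plugin list is the JSON printed by WP-CLI's `wp plugin list` and that each plugin's last release date has been collected separately; the plugin names, dates and function names are constructed for illustration.

```python
import json
from datetime import date

# Constructed sample in the shape of WP-CLI's
# `wp plugin list --fields=name,status,update --format=json`; names are made up.
SAMPLE_PLUGIN_LIST = """[
  {"name": "contact-form-x", "status": "active", "update": "available"},
  {"name": "old-slider", "status": "active", "update": "none"},
  {"name": "seo-helper", "status": "inactive", "update": "none"},
  {"name": "cache-kit", "status": "active", "update": "none"}
]"""

# Constructed sample: last release date per plugin, assumed to be collected
# separately from each plugin's directory listing.
SAMPLE_LAST_UPDATED = {
    "contact-form-x": "2024-03-01", "old-slider": "2021-05-20",
    "seo-helper": "2024-01-10", "cache-kit": "2024-02-15",
}

ABANDONED_AFTER_YEARS = 2  # threshold taken from the article

def years_since(released, today):
    """Whole years elapsed between two dates (leap-day safe)."""
    return today.year - released.year - (
        (today.month, today.day) < (released.month, released.day))

def audit_plugins(plugin_list_json, last_updated, today):
    """Return {plugin name: [findings]} for every plugin needing attention."""
    report = {}
    for plugin in json.loads(plugin_list_json):
        name, findings = plugin["name"], []
        if plugin["status"] == "inactive":
            findings.append("unused: delete")
        if plugin["update"] == "available":
            findings.append("update pending: apply now")
        released = last_updated.get(name)
        if released is None:
            findings.append("release date unknown: check manually")
        elif years_since(date.fromisoformat(released), today) >= ABANDONED_AFTER_YEARS:
            findings.append("abandoned: replace or delete")
        if findings:
            report[name] = findings
    return report

if __name__ == "__main__":
    report = audit_plugins(SAMPLE_PLUGIN_LIST, SAMPLE_LAST_UPDATED, date(2024, 6, 1))
    for name, findings in report.items():
        print(f"{name}: {'; '.join(findings)}")
```

A plugin that is active, fully updated and recently released does not appear in the report, so an empty report means nothing on the checklist needs action.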
At Domains.co.za, we are serious about two things: getting our customers online and protecting them once they are live. We therefore offer a range of value-added solutions (domain names, hosting, security) to achieve these two goals. But that's just part of the story. We also recognise the value of time and that is why our solutions aim to save customers the hassle of performing certain tasks manually. For instance, our WordPress Hosting solution includes a Smart WordPress Update tool, which does all your plugin and other WordPress updates automatically.
Done with manual WordPress plugin updates? Sign up for our WordPress Hosting here.