Avoid getting hacked – make sure you’re up to date
At the end of June, we were all given a very sharp reminder that no one is immune from getting hacked. Whether you are a one man band running a small website or a huge global organisation with 10,000 employees. If you don’t secure your site correctly, you are leaving yourself open to getting hacked.
At the back end of June, that’s exactly what happened to the Microsoft site, digitalconstitution.com. That’s right. A Microsoft owned site got hacked. According to Wordfence, the site was running an older version of WordPress (WP) which made it susceptible to getting hacked, something that could be easily avoided by keeping on top of updates across the board; CMS, plugins and themes.
Updating your core CMS
Many sites today are built in WordPress. The latest stable release of WordPress is version 4.2.3 and if you are running a WP site that is not using this version, you should go and update it immediately. Updates to the core software are not just simply to add new features or functionality (although updates do often contain improvements). They more often than not contain security fixes and bug patches which will help to keep your site more secure online. Chances are if you’re running an older version of WP that you have some potential holes in your website security.
Updating your plugins
If you are running a WP site, we’re sure you will have all seen the orange notification numbers next to the Plugins link in the left hand navigation. These numbers are not just there to keep you in the loop as to how many of your plugins need updating. They stand as a constant reminder until you update your plugins that they need updating. This is a great time to go and audit the plugins you use on your site because the chances are that some of them will be out of date and either these need to be updated where an update is available or they may even need to be deleted if they are adding no value to your site. Over time, new plugins are introduced to the market that do a better job than an existing plugin you may be using but instead of deleting the old plugin, it just remains on your site. This is another potential security risk so it is definitely worth the time to audit, update and remove plugins that are no longer used on your site.
Similarly to plugins, many people have old themes sitting on their site which are not doing anything and are just disabled. Although they may be disabled, this does not stop them from providing a threat to your site security. Many people download a whole set of new themes when they are thinking about a site redesign and after choosing one, the rest just sit there doing nothing. It’s time to get rid of them as they are posing a real threat to your website’s security. Not updating your plugins and themes poses one of the biggest threats to your website security so act now.
In December 2014, it was reported that 100,000+ WordPress sites had been compromised because they didn’t update the Slider Revolution Plugin. 100,000+ sites affected by one plugin. Time Magazine also reported in 2014 that sites including the US Postal Service, Staples, Kmart and JP Morgan had all been victims of hacking. Whilst the reason for the hack is not reported, it is a big reminder that hacking can affect all companies big and small.
Keeping your CMS, plugins and themes up to date is not something that should be taken lightly. It can be time consuming; if you have made customisations to your plugins and themes, it is not just a case of hitting the update button but you should be setting aside time and budget each month for ensuring your site is up to date. The security updates and bug patches are crucial to the security these plugins and themes so not updating them on a regular basis leaves you very susceptible to hackers. The Wordfence Plugin is an excellent way to keep on top of your updates as it will send you reminders each time on of your plugins or themes releases an update. Don’t just ignore these; act quickly and if you haven’t looked at your plugins and themes for a while, now is the time to go and get everything up to date.