Running a hosting business, you see a lot of things in people’s web sites that make you cringe and teach you why their last hosts had issues with them or couldn’t help them. I take a lot of pride in the support I provide to my hosting clients. I always own a problem and work my butt off to ensure that the client is happy, and their site is running as best as it possibly can. That being said, there is a lot that you as a web site owner can do to ensure that your site doesn’t have problems, and one of the major ones is ensuring WordPress is up to date. Why, you ask? Let’s get into it!
WordPress is Not Secure 100% of the Time
Quite a few people who use WordPress are under the false assumption that WordPress is 100% secure. This is absolutely false, and the problem is compounded by the number of plugins and themes that you install from various sources. Maybe you got a new theme from some web site offering great free themes, or you installed a plugin from a friend who told you it was the best one to do what you want.
Ideally you wouldn’t use any plugins; however, sometimes there are features that you want that WordPress just doesn’t do.
WordPress Plugins are Even Less Secure
WordPress plugins generally offer some extended functionality to your site, and usually they work great. They are also generally written by third parties, who can be fantastic or could be amateur coders. Let’s take a look at Revolution Slider, a popular slider plugin that a bunch of themes use by default and that some people have bought and installed themselves.
Revolution Slider is simply a slider. It shows images and captions somewhere in your WordPress site. However, it had a critical vulnerability.
Using a specially constructed URL the attacker could easily determine your database settings by downloading a copy of your wp-config.php file.
The URL is:
An attacker could simply visit this URL and get a copy of your config file, and then get into your database, and then essentially do whatever he/she wants with your site.
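To check whether a site has already received this kind of request, the web server's access log can be scanned for query strings that name wp-config.php. The script below is an added example, not code from the original post or from any plugin; the log lines are constructed, and the plugin path and `file` parameter in them are hypothetical placeholders.

```python
import re
from urllib.parse import urlsplit, unquote

# Combined Log Format: host ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is caught too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_config_requests(lines):
    """Return one record per request whose query string names wp-config.php."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected log format
        client, when, _method, target, status, size = m.groups()
        parts = urlsplit(target)
        query = fully_decode(parts.query).lower()
        if "wp-config.php" not in query:
            continue
        hits.append({
            "client": client,
            "time": when,
            "path": parts.path,
            "traversal": "../" in query or "..\\" in query,
            # 200 with a body: the file was probably served, so rotate
            # the database password and the keys/salts in wp-config.php.
            "served": status == "200" and size.isdigit() and int(size) > 0,
        })
    return hits

# Constructed sample lines; endpoint and parameter name are hypothetical.
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2015:10:01:22 +0000] "GET /wp-content/plugins/example-plugin/download.php?file=../../../wp-config.php HTTP/1.1" 200 3187 "-" "-"',
    '203.0.113.7 - - [12/Mar/2015:10:01:25 +0000] "GET /wp-content/plugins/example-plugin/download.php?file=%252e%252e%252fwp-config.php HTTP/1.1" 404 512 "-" "-"',
    '198.51.100.4 - - [12/Mar/2015:10:02:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2210 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_config_requests(SAMPLE):
        print(hit)
```

A hit with `served` set to true means the credentials in wp-config.php should be treated as exposed even after the plugin is updated.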
What you need to take away from this is that every plugin has the potential to add this kind of vulnerability to your WordPress site regardless of the simplicity of the plugin.
This again just reinforces the fact that when you see an update for WordPress, a theme, or a plugin, you should be updating it as soon as humanly possible.
WordPress is a fantastic web site system, but you need to understand that there’s a lot going on inside of WordPress that should be watched and taken care of. Otherwise you may end up paying someone like me to come in and figure out what happened, and try to fix it. (And I’m not cheap!)