WordPress vulnerabilities can be prevented

Because WordPress is the #1 CMS, it is a target

With popularity comes exposure. WordPress powers about 40.5% of all websites and is the most popular CMS (content management system) in use, with a 64.5% share of the CMS market according to W3Techs. WordPress sites belong to small and medium-sized businesses as well as large enterprises. That makes WordPress a giant target for attackers and botnets, and a single vulnerable plugin shipped to tens of thousands of sites is worth far more to them than a bug in one custom application.


According to Imperva's yearly analysis, the greatest number of WordPress vulnerabilities are found in plugins rather than in WordPress core: “On the content management system (CMS) front, WordPress vulnerabilities have tripled since last year, and they continue to dominate in terms of the number of vulnerabilities published in the CMS category.”

WordPress.org lists more than 58,000 plugins in its repository. Many of them are incredibly useful and extend the functionality of your site. However, it is not at all unusual for a plugin to be abandoned or left unmaintained when its developer loses the interest or time to manage it. Sometimes others in the open-source community fork a plugin to keep it up to date, but just as frequently it is left to languish, still installable and still carrying whatever bugs it had. You may even have some of these outdated plugins on your own website.

Image: examples of badly out-of-date plugins in the WordPress repository.

When was the last time you audited the plugins you use on your site?

Updating plugins promptly closes the windows in which attackers and bots can inject scripts or add malicious code to your site. Once a plugin vulnerability is disclosed, attackers know exactly which version is affected, and their networks continuously scan WordPress sites for installations that have not yet applied the fix.

How do I update my WordPress Plugins?

Image: how pending plugin updates are signaled in your WordPress dashboard.

Log in to your site, go to the Dashboard, and open the Plugins panel. A red badge on the menu shows how many plugin updates are pending. In the Plugins panel, each plugin with a new version carries a yellow highlighted note. Below is an example of this note for Jetpack. Click the hyperlink to read the details of the new version, or click the update now link to update immediately.


Image: the note on the Jetpack plugin announcing that a new version is available.

It is important to check which plugins have updates and to make a whole-site backup (files and database) before changing anything. Only then do we recommend updating your plugins. After updating, check how your site functions, including forms and anything else the plugin touches. It is not uncommon for an update to break compatibility with another plugin or with the theme, and the backup is what lets you roll back cleanly.

Unless the update addresses a security issue, consider waiting until the day after a new release before updating your site. Developers test their plugins, but some issues are only discovered after release, once a large number of sites are running the new version. When the update is a security fix, apply it promptly; a disclosed vulnerability is actively scanned for, and the delay is the attacker's window. If it's a major release, i.e. 5.x.x to 6.0, make sure you click the link to view the details so you are aware of major changes that may affect your site.

How do you choose reliable plugins?

Choosing dependable plugins is fairly simple:

  • Look for plugins which have been through several releases and which have many thousands of active installs.
  • Use plugins which have been tested with the most recent version of WordPress and have been updated recently; a plugin last updated years ago is a warning sign even if it still works.
  • Read the Reviews and see what others have to say about using the plugin.
  • Look at the plugin's support forum to see what kinds of issues others are having, whether the developer responds to them, and how promptly.
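The same four checks, plus the "last updated" signal from the abandoned-plugin discussion above, can be run against the record the WordPress.org plugin-info API returns for any plugin slug, which makes auditing a whole site's plugin list repeatable. The following is an added Python example, not code from the original post: the endpoint URL and the field names are those of the public API, while the numeric thresholds, the sample audit date and the two sample records are assumptions constructed for illustration.

```python
"""Audit a WordPress.org plugin against the reliability criteria above.

Added example, not code from the original post. It reads the public
plugin-info endpoint https://api.wordpress.org/plugins/info/1.0/<slug>.json
and uses the field names that endpoint returns (active_installs, tested,
last_updated, rating, num_ratings, support_threads,
support_threads_resolved, versions). The thresholds are assumptions to
tune for your own risk appetite; they are not figures from the post.
"""
import json
import re
import sys
import urllib.request
from datetime import date, datetime, timezone
from typing import Optional

PLUGIN_INFO_URL = "https://api.wordpress.org/plugins/info/1.0/{slug}.json"

# Thresholds: assumptions, not figures from the post.
MIN_ACTIVE_INSTALLS = 10_000
MIN_RELEASES = 3
MAX_DAYS_SINCE_UPDATE = 365
MIN_RATINGS = 50
MIN_RATING = 80            # the API reports rating on a 0-100 scale
MIN_RESOLVED_RATIO = 0.5   # resolved / total recent support threads

# Fixed audit date for the constructed samples so results are reproducible.
SAMPLE_TODAY = date(2021, 3, 1)


def fetch_plugin_info(slug: str, timeout: float = 10.0) -> dict:
    """Fetch live metadata for a plugin slug (network call)."""
    with urllib.request.urlopen(PLUGIN_INFO_URL.format(slug=slug), timeout=timeout) as resp:
        return json.load(resp)


def major_minor(version: str):
    """'5.6.2' -> (5, 6); missing or non-numeric parts count as 0."""
    parts = re.findall(r"\d+", version or "")
    return (int(parts[0]) if parts else 0, int(parts[1]) if len(parts) > 1 else 0)


def days_since(last_updated: str, today: date) -> Optional[int]:
    """last_updated looks like '2021-02-20 3:16pm GMT'; keep only the date part."""
    m = re.match(r"\d{4}-\d{2}-\d{2}", last_updated or "")
    return (today - date.fromisoformat(m.group(0))).days if m else None


def audit_plugin(info: dict, current_wp: str, today: Optional[date] = None) -> dict:
    """Return {'slug', 'ok', 'warnings'} for one plugin-info record."""
    today = today or datetime.now(timezone.utc).date()
    warnings = []

    installs = int(info.get("active_installs") or 0)
    if installs < MIN_ACTIVE_INSTALLS:
        warnings.append(f"only {installs} active installs")

    releases = sum(1 for v in (info.get("versions") or {}) if v != "trunk")
    if releases < MIN_RELEASES:
        warnings.append(f"only {releases} released versions")

    tested = info.get("tested") or ""
    if major_minor(tested) < major_minor(current_wp):
        warnings.append(f"tested up to {tested or 'unknown'}, site runs {current_wp}")

    age = days_since(info.get("last_updated", ""), today)
    if age is None:
        warnings.append("no last_updated date")
    elif age > MAX_DAYS_SINCE_UPDATE:
        warnings.append(f"last updated {age} days ago; possibly abandoned")

    rating, num_ratings = int(info.get("rating") or 0), int(info.get("num_ratings") or 0)
    if num_ratings < MIN_RATINGS or rating < MIN_RATING:
        warnings.append(f"rating {rating}/100 from {num_ratings} reviews")

    threads = int(info.get("support_threads") or 0)
    resolved = int(info.get("support_threads_resolved") or 0)
    if threads and resolved / threads < MIN_RESOLVED_RATIO:
        warnings.append(f"only {resolved}/{threads} recent support threads resolved")

    return {"slug": info.get("slug"), "ok": not warnings, "warnings": warnings}


# Constructed sample records in the shape of the API response (values invented).
SAMPLE_HEALTHY = {
    "slug": "example-forms", "active_installs": 500000, "tested": "5.6.2",
    "last_updated": "2021-02-20 3:16pm GMT", "rating": 94, "num_ratings": 1800,
    "support_threads": 40, "support_threads_resolved": 36,
    "versions": {"1.0": "(zip)", "1.1": "(zip)", "1.2": "(zip)", "2.0": "(zip)", "trunk": "(zip)"},
}
SAMPLE_STALE = {
    "slug": "example-slider", "active_installs": 800, "tested": "4.9",
    "last_updated": "2018-03-05 9:02am GMT", "rating": 70, "num_ratings": 12,
    "support_threads": 10, "support_threads_resolved": 1,
    "versions": {"1.0": "(zip)", "trunk": "(zip)"},
}

if __name__ == "__main__":
    # Usage: python audit_plugin.py [slug ...]; with no slugs, audit the samples.
    current = "5.6.2"  # the WordPress version named in the post; set yours
    live = [fetch_plugin_info(s) for s in sys.argv[1:]]
    for rec in live or [SAMPLE_HEALTHY, SAMPLE_STALE]:
        result = audit_plugin(rec, current, None if live else SAMPLE_TODAY)
        print(f"{result['slug']}: {'OK' if result['ok'] else 'REVIEW'}")
        for w in result["warnings"]:
            print("  -", w)
```

A "REVIEW" result is a prompt to read the reviews and support forum yourself, not a verdict; a small, well-maintained plugin can trip the install-count threshold and still be the right choice. The slugs to feed it are the directory names under wp-content/plugins.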

Did you update when the most recent WordPress update came out?

Another important way to prevent vulnerabilities is to keep WordPress itself up to date. WordPress 5.0 was released in December 2018. Because it was a major release, your WordPress software did not update automatically the way it does for minor maintenance and security releases. [Read more about automatic updates.] We are now at WordPress 5.6.2. Did you update when 5.0 was released? As of March 2020, slightly more than 20% of WordPress sites were still running versions older than 5.0. If you did update, you have also been receiving the minor releases automatically since then. If you never updated your website to WordPress 5.0, you should do so very soon. Since WordPress 5.6 you can also opt in to automatic updates for major releases from Dashboard > Updates; for a site nobody checks regularly, that is safer than falling a major version behind.

Ensure your PHP version is supported and secure

If you are running WordPress, the critical software underneath it is PHP. PHP is a scripting language that assembles your pages from the data in your database; WordPress is written in it and cannot function without it. PHP versions older than 7.3 are no longer supported, so security issues found in them are no longer fixed and sites running them stay exposed. You can see which version your site actually runs under Tools > Site Health > Info in the Dashboard (the command-line php -v on the server may report a different build than the one serving your site), and you change it in your hosting control panel.

Each release branch of PHP is fully supported for two years from its initial stable release. During this period, bugs and security issues that have been reported are fixed and are released in regular point releases.

After this two year period of active support, each branch is then supported for an additional year for critical security issues only. Releases during this period are made on an as-needed basis: there may be multiple point releases, or none, depending on the number of reports.
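The policy above is simple enough to encode so that you get a dated answer instead of a feeling. The following is an added Python example, not code from the original post: it classifies a PHP version as active, security-only or end-of-life from its branch's initial release date and reads the installed version from php -v when that is available. The release dates in the table are taken from php.net's release history and are written here as data to verify, and the sample php -v output is constructed. The PHP project has occasionally extended a branch beyond the nominal window, so php.net's supported-versions page stays authoritative; this script tells you when to go and check it.

```python
"""Classify a PHP version under the support policy described above: two
years of active support from a branch's initial stable release, then one
more year of security fixes only.

Added example, not code from the original post. BRANCH_RELEASE holds
release dates as recorded on php.net; verify them, and verify the actual
support window there too, since the project sometimes extends a branch.
"""
import re
import subprocess
from datetime import date
from typing import Optional

# Initial stable release of each branch (assumption to verify against php.net).
BRANCH_RELEASE = {
    "7.2": date(2017, 11, 30),
    "7.3": date(2018, 12, 6),
    "7.4": date(2019, 11, 28),
    "8.0": date(2020, 11, 26),
}
ACTIVE_YEARS = 2     # full bug and security fixes
SECURITY_YEARS = 1   # critical security fixes only

# Fixed "today" for the samples so results are reproducible.
SAMPLE_TODAY = date(2021, 3, 1)


def add_years(d: date, years: int) -> date:
    """Same calendar date N years later; 29 Feb rolls back to 28 Feb."""
    try:
        return d.replace(year=d.year + years)
    except ValueError:
        return d.replace(year=d.year + years, day=28)


def branch_of(version: str) -> str:
    """'7.4.15' -> '7.4'."""
    m = re.match(r"(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"not a PHP version: {version!r}")
    return f"{m.group(1)}.{m.group(2)}"


def support_status(version: str, today: date, releases=BRANCH_RELEASE) -> str:
    """'active', 'security-only', 'end-of-life', or 'unknown' for unlisted branches."""
    released = releases.get(branch_of(version))
    if released is None:
        return "unknown"
    if today < add_years(released, ACTIVE_YEARS):
        return "active"
    if today < add_years(released, ACTIVE_YEARS + SECURITY_YEARS):
        return "security-only"
    return "end-of-life"


def parse_php_version(output: str) -> Optional[str]:
    """Extract '7.2.34' from `php -v` output, whose first line reads
    'PHP 7.2.34 (cli) (built: ...)'."""
    m = re.search(r"^PHP (\d+\.\d+\.\d+)", output, re.MULTILINE)
    return m.group(1) if m else None


def installed_php_version() -> Optional[str]:
    """Run `php -v` on this host; None if php is missing or fails."""
    try:
        out = subprocess.run(["php", "-v"], capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return None
    return parse_php_version(out)


# Constructed sample of `php -v` output, used when PHP is not installed here.
SAMPLE_PHP_V = ("PHP 7.2.34 (cli) (built: Oct  6 2020 15:47:56) ( NTS )\n"
                "Copyright (c) 1997-2018 The PHP Group\n")

if __name__ == "__main__":
    version = installed_php_version()
    today = date.today()
    if version is None:               # no php here: demonstrate on the sample
        version, today = parse_php_version(SAMPLE_PHP_V), SAMPLE_TODAY
    status = support_status(version, today)
    print(f"PHP {version} on {today}: {status}")
    if status in ("end-of-life", "unknown"):
        print("  upgrade now: no security fixes are being issued for this branch")
    elif status == "security-only":
        print("  plan the upgrade: only critical security fixes remain")
```

Run it on the host that serves the site, and compare its answer with the PHP version shown in Site Health; a host can run one PHP for the shell and another for the web server, and it is the web server's copy that matters for WordPress. An "unknown" result for a branch newer than the table means the table needs updating, not that the branch is unsafe.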

Beyond plugins and WordPress versions

It is also very important to keep your theme updated. Themes can have vulnerabilities as well. You will see notes under Dashboard > Appearance > Themes when theme updates are available. If you purchased a premium theme, make sure your license is registered with the theme foundry that produced it and that you receive its update notifications; a premium theme whose license has lapsed silently stops getting fixes.

If you have customized your theme, make sure you did so using the Additional CSS tool in Appearance > Customize, or in a child theme, rather than by editing the theme's own files. Edits to theme files are overwritten by the next theme update, which tempts people to put off updating, and that is exactly how outdated, vulnerable themes stay in place. The Additional CSS tool is only available if your theme supports it in the Customizer.

WordPress notes, “Starting with WordPress 4.7, you can now add custom CSS to your own theme from Appearance Customize Screen, without the need for additional plugins or directly editing themes and child themes. Just choose the Additional CSS tab when customizing your current theme to get started!”

If your changes live in a child theme, updating the parent theme preserves them.

Get professional assistance updating your website

If you are confused about when and what to update, please contact us. We specialize in WordPress and have resolved many issues for people who have sought us out for our knowledge.

Photo Credit: Photo by Luther Bottrill on Unsplash

Spec Website for New Realtors

Pandemic Pivot

When things are more different than they have ever been in one’s lifetime, we all have to adapt.

Screen Capture of Life in Mt. Pleasant, SC

To that end, we launched a new website, Life in Mount Pleasant, built with BoldGrid's Diced theme. This spec site has been built to sell as a turnkey presence for a real estate professional who is focused on Mount Pleasant. This is a WordPress site and has all the bells and whistles one expects in a contemporary site built with the world's most popular content management system. We've used images that illustrate the waterfront town, its history, and its uniqueness. All we need to do at this point is find the right person and add their real estate feeds and presence specifically for them.

The site comes with the highly desirable domain, a custom logo, all content, content and site customization for the new owner, premium plugin licenses for BoldGrid and Notification Bar Pro and a low monthly expense for complete WordPress managed hosting by Charleston PR & Design, LLC.

We invite you to help promote this site’s availability. Please share this post on social media, visit the site and talk it up with your friends.

Featured Photo Credit: Shem Creek Shrimp Trawlers by Terry Ott on Flickr.

March Madness Website Sale

Have you put off getting a professional website for your business? No time like the present to get one made for you. According to data gathered by Visual Objects, “Surprisingly, nearly one-third of small businesses (29%) plan to begin using a website for the first time in 2020. All businesses should have a website.” We completely agree. If you do not have a website, you are missing out on many opportunities to present your company and brand in a consistent way. And if you’re relying on Facebook or Instagram to act as your website, that’s a major fail. Quit failing. Start winning with a super, new site made just for you.

From now until the end of March 2020, we’re offering a crazy sale on new website development.

Get $712 in savings

This deal¹ includes FREE hosting (a $462 savings) and discounts our starter website package to $500 (a $250 savings).

Your new website includes²:

  • WordPress as a CMS
  • Up to 3 pages (Home Page, About/Services Page, Contact Page)
  • Blog Page
  • Device Responsive
  • Contact Form
  • Site Map
  • Website Hosting* for the first 12 months. After that, it’s $44 per mo.
  • Search Engine Listing
  • Social Media Menu
  • Google Analytics and Search Console
  • Website Security & Nightly Backups
  • Regular Software Updates
  • Free Images

What you do

You provide information about your company, staff, staff photos, logo, and details of your services, location, hours, and text to be included in the website such as blog posts for your new site.

What we do

We will build you a beautiful new website that allows you to represent your company professionally and with confidence. We will use the BoldGrid site builder and include a BoldGrid Pro license with the site. You will be able to add additional pages and content. We will provide you a video tutorial to help you learn how to edit pages or create posts for your blog. We will make sure your site is lightning fast in being served to your visitors and is hosted in a very secure environment where it gets backed up every night. We will keep your software up to date so that known vulnerabilities in WordPress, plugins and themes are patched promptly.



¹This deal is available for new clients only. If you are an existing client and need a new site, we will be glad to price services based on significant savings.
²All services are provided in accordance with our Master Service agreement.