There’s a perception among SMBs that security on WordPress is a non-issue. That needs to change. They’re putting themselves at risk – many don’t even know it.
There’s been plenty of talk about how WordPress – indeed, how every content management system – is horrendously insecure, and how you shouldn’t trust these platforms with any mission-critical data. Most of that talk is fear, uncertainty, and doubt. Most content management systems are actually incredibly safe, and the core installation of WordPress is among the most secure on the web.
That’s sort of hard to believe, I know. There’s been a rash of news about WordPress’s many apparent vulnerabilities over the last few weeks – enough that many of them sort of blur together in one’s mind; it becomes difficult to tell Ghost from CryptoPHP from standard SQL injection. Here’s the thing about all of those vulnerabilities, though:
At the end of the day, they can all be linked back to insecure practices on the part of either a plugin developer or the end user – not the platform.
With that in mind, it’s not necessarily surprising that a recent CodeGuard study found that the majority of small businesses think WordPress security is something they can basically leave on the backburner. That’s a very, very bad thing. See, even though WordPress is a fairly secure platform, it’s not that difficult to make it insecure through a few lackadaisical security practices.
Given how consistently WordPress has become the target of cybercriminals of late – as the most popular content management system on the web, WordPress and the sites it hosts are attacked more frequently than every other CMS combined – this means any business that doesn’t do everything in its power to make sure its website is secure potentially opens itself up to site defacement, data breaches, or malware.
“WordPress is a pretty powerful web application once you get used to it,” CodeGuard’s David Moeller told Small Business Computing. “Unfortunately, people don’t often realize that there are some dangers and downsides. The vast majority of people are winging it [where website security is concerned].”
The irony of CodeGuard’s survey was that 24% of respondents considered their sites their livelihood, and would pay ‘almost anything’ to restore them, with some even reporting that they’d be willing to part with thousands of dollars.
Even in the face of this, however, the majority of respondents don’t back up or update their sites regularly. They don’t have an IT expert on staff to help them when something stops working. They don’t bother to pay attention to password or plugin safety.
The end result is that cybercriminals have a wealth of easy, profitable targets, many of which can be accessed with a simple backdoor or brute-force password guesser.
Thankfully, there’s some good news that I can offer you amidst all the bad. If you’re a small business owner yourself, then it’s actually not all that difficult to get your WordPress installation up to snuff – it shouldn’t be a huge undertaking to make things more secure. You’ll just need to see to a few things first:
- Only Download Plugins From Reputable Sources: Legality and morality aside, you should never, ever download a pirated premium plugin or theme. Not only are you ripping off the developer who originally created it, there’s an incredibly high chance it’ll contain some form of malware, meaning you’re actively compromising your site with the download.
- Update Regularly: This one’s self-explanatory. While you can probably ignore the odd functionality update, you should never shirk the installation of security patches and bugfixes. They exist for a reason.
- Use A Decent Password And Username: Again, self-explanatory. Don’t just go with the default username, and try to come up with a complex password so as to keep your blog secure.
- Pay Attention To The Latest Vulnerabilities: Perhaps the best thing you can do is regularly check the news. Generally, when a vulnerability is discovered in a plugin, it doesn’t take long for people to start reporting on it. Keeping an eye on such reports could be just the thing to keep your site safe.
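The update and username items in the checklist above can be checked from the command line. The following is an added example, not part of the original article: it assumes WP-CLI (`wp`) is installed on the server, the `WP_PATH` variable and the list of default logins (`admin`, `administrator`) are assumptions, and the sample plugin list is constructed.

```shell
#!/bin/sh
# Added example: helpers that filter WP-CLI output for two checklist items
# (pending updates, default admin usernames).

# Constructed sample of:
#   wp plugin list --fields=name,status,update,version --format=csv
SAMPLE_PLUGINS='name,status,update,version
contact-form-example,active,available,1.2.0
gallery-example,inactive,none,3.4.1
seo-example,inactive,available,0.9.8'

# Read plugin/theme CSV on stdin; print "name (status)" for each item with a
# pending update. Inactive items are included because their files are still
# on disk and reachable by the web server.
pending_updates() {
    awk -F, 'NR > 1 && $3 == "available" { print $1 " (" $2 ")" }'
}

# Read one login per line on stdin; print those matching a default name.
# The name list is an assumption; extend it to suit your own policy.
default_logins() {
    grep -i -x -E 'admin|administrator' || true
}

# Run both checks against a live install located at directory $1.
audit_site() {
    echo "Plugins and themes with pending updates:"
    wp --path="$1" plugin list --fields=name,status,update,version --format=csv | pending_updates
    wp --path="$1" theme list --fields=name,status,update,version --format=csv | pending_updates
    echo "Administrator accounts using a default login:"
    wp --path="$1" user list --role=administrator --field=user_login | default_logins
}

# With WP_PATH set, audit that site; otherwise demonstrate on the sample data.
if [ -n "${WP_PATH:-}" ]; then
    audit_site "$WP_PATH"
else
    printf '%s\n' "$SAMPLE_PLUGINS" | pending_updates
    printf 'Admin\nshop-owner-example\n' | default_logins
fi
```

Run it from cron with `WP_PATH` pointing at the site root to get a recurring report of what needs patching.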
There’s a largely erroneous belief among many SMBs that WordPress security isn’t really something they need to worry about. Nothing could be further from the truth. Regardless of what field you work in or how large your business is, there’s never an excuse for neglecting security – and the small businesses that do ignore it have only themselves to blame if they suffer a breach.
About the Author:
John Mack is a technical writer for Datarealm, one of the oldest web hosting companies. You can follow Datarealm on Twitter, @datarealm, Like them on Facebook, and check out more of their web hosting articles on their blog, http://www.datarealm.com/blog.