3 compelling reasons to update and secure your WordPress website

Wordpress Website Hacked Stamp

Your WordPress website needs regular maintenance to perform optimally. The WordPress core application is constantly being updated, and along with it are WordPress themes and plugins. Keeping your installation up-to-date is extremely important – especially since so many updates contain security fixes and patches that will prevent potential exploits of the vulnerabilities of your WordPress website or blog.

Due to its widespread popularity, WordPress-based sites are a constant target of hackers and spammers. The WordPress developers continually monitor this and create patches to fix any potential security holes, leading to regular updates that will keep your WordPress installation clean and safe. If you do not keep your WordPress installation current, you risk becoming a victim to malicious attacks that would otherwise be easily prevented.

Additionally, WordPress is known to be something of a “memory hog” and frequent posts and visitor discussions can quickly take up space and increase bandwidth.

Maintaining WordPress is more than simply updating the core, themes and plugins. There are numerous WordPress maintenance tasks that should be performed regularly in order to keep your site running optimally and securely. You should also conduct a security audit to make sure you are following the latest protocols.

The following examples outline three real life examples of WordPress maintenance-related issues. Each highlights the importance of keeping your WordPress installation updated, maintained and backed up.

1. Outdated WordPress site hacked; infects entire server

We used to host client sites on our server. We ran into one instance where one of these clients neglected to update their WordPress installation for quite some time. Needless to say, they got hacked, falling victim to a widespread hack attack on WordPress sites across the globe. Once these hackers got in, they were able to navigate through and infect every single site on our server. Our personal site went down, along with several development sites and a few live client sites. Thankfully we had recent backups of everything, but it was still quite a mess to untangle. Lesson learned.

This wasn’t the first time we’ve seen WordPress sites get hacked, and it certainly won’t be the last. As of the time of this posting, we had another client contact us just yesterday explaining that his site was hacked and flagged as “unsafe” by Google. It was, however, the first (and only) time our own WordPress install was hacked. Although our site itself was secure, we were hacked by another insecure site on our server. This just serves to show that even though you may think your site is secure, there may still be vulnerabilities elsewhere that still pose a risk. Make sure you not only secure your site, but that you also know your hosting environment and, just as importantly, have a backup. If you’re not 100% sure you can handle all of this, our maintenance plans will handle the burden for you.

2. Outdated plugin crashes WordPress site

One client of ours initially refused the maintenance package, intending to update his website on his own. After all, WordPress provides simple “update” buttons that enable users to easily update the application, most plugins and many WordPress themes at the click of a button. One time, however, this client called us in a panic. He updated his WordPress site and it crashed. His site was nothing but an error page and he had no idea what to do. He also had not backed up his site in some time and was concerned he would lose data.

We tracked the error to a WordPress plugin that was incompatible with WordPress 3.0, a major release of the platform that included several new enhancements and features. The issue was that the plugin relied on WordPress code that was depreciated and no longer supported by the platform. So when the client updated WordPress, the plugin generated a major error: as in nothing else would work. Lucky for the client, we were able to roll back WordPress to an earlier version and then replace the outdated plugin. Not all plugin developers maintain their code, so even though a plugin is “free” – it may end up costing you more than you think! This client has since subscribed to our maintenance plan, which provides “insurance” against crashes like this.

3. Spikes in server load due to bot attack causes bandwidth crash

One of the common methods hackers use to attack WordPress websites are brute force attacks on the login page, trying to guess the admin password.  These automated scripts cause huge spikes in server load and the increased bandwidth can be enough to take your site offline. This has happened to a few sites that we manage, resulting in phone calls from clients in a frenzy. Fixing this usually involves working with your website hosting company’s support team, asking the “right” questions and then implementing one or more fixes depending on the source of the problem.

Our experience in dealing with this type of issue helps get your site back online quickly and patches the source of the problem. Our maintenance plan includes tasks that help minimize this risk as well as covers the repair.


WordPress Maintenance Plans

Because proper WordPress maintenance can be an arduous task, Agua Web Design has created a suite of WordPress maintenance plans. Our plans all focus on keeping your WordPress installation up to date, clean, secure and running optimally. They also include regular backups and restoration services. Each maintenance plan offers the same helpful features – the difference is the update frequency. Contact us today to find out which package is the best fit for your WordPress website.