Last week I was asked “Should I update my WordPress site?” On the same day, someone else told me they never update their content management system because they are worried about messing their site up.
Please let me add my voice to the chorus of “Yes, you must update WordPress”.
Whether it is WordPress, Joomla, Drupal or any other open source content management system, the upgrades are almost always about security, and fixing a vulnerability that someone has discovered.
When these vulnerabilities are found it is inevitable that they will be exploited. Hackers want to access your website for the data it might hold, for the fun they might have messing with your site, or (most likely) so that they can distribute a botnet system for spamming, bitcoin mining or other money making purpose.
Then end result for you the site owner is generally disastrous, with your website being unavailable and potentially unrecoverable. so don’t let these people in in the first place.
I say people, but hack attacks generally start with automated bots searching the web for versions of a CMS that have a known vulnerability. They deliver the URL to another program that may attempt to see if the vulnerability has been closed down. If not, then the hacker might be informed or an automated routine might implant code into your site.
Some of these attacks are highly sophisticated but a simple four step approach will keep 99% of all hack attempts out.
1) Keep your WordPress or other CMS system up to date. It is simply a matter of pressing the button when the update available message appears.
2) Install a good security plugin.
3) Install a good backup utility
4) Make your username and password combination is both long and complex.
That is pretty much all you need to do to be as safe as anyone else is from hack attacks.