Just like accidentally having your fly open in public, not having your website up-to-date leaves you exposed.
Keeping your website up-to-date is extremely important. If you don’t you’re leaving your site vulnerable to exploits, which hackers can take advantage of.
As many know, Goldstein Media is a WordPress design and development shop. WordPress powers more than 40% of the websites on the internet. Which makes it a popular content management system for companies of all sizes to build on. With WordPress’ popularity it is a target for hackers who are looking for vulnerabilities to exploit.
But this isn’t just a WordPress issue. All Software has vulnerabilities that need patching, from time-to-time. The more popular it is, the more hackers try to break in and exploit it. I don’t know how many times I get updates from Adobe with updates. Sometimes they’re feature updates other times they are bug fixes.
The Infamous Plugin Vulnerability
A plugin vulnerability is one of the most common web security flaws that hackers try to exploit. A plugin is software code installed on a website’s server. Often it’s hosted by the website’s domain owner or managed by a third-party service provider.
One of the most common is cross-site scripting (XSS). It allows attackers to inject malicious code into a web page via JavaScript, HTML tags and other programming language elements. This can cause damage to your website and its visitors’ computers.
You might be surprised to learn that the majority of WordPress site vulnerabilities are related to plugins. That’s not all that surprising when you consider that plugins are used by website owners and developers to enhance the website functionality of their site. The problem with plugins is that many of them are poorly maintained, which leaves vulnerabilities unpatched exposed to potentially be exploited by hackers.
This is why you need to stay up on plugin updates and auditing what plugins are not being maintained.
Your Site Reflects On Your Business
Your website is a reflection of your brand and it should be kept updated to stay current with the latest security threats. Nothing’s worse than having a site with errors popping up when a potential client comes to your site.
Every website is vulnerable to potential attacks, but the more up-to-date your site is, the less likely it is that hackers will find a way in. You can lower your risk of attack by updating plugins and core code, upgrading plugins on an ongoing basis, making sure you’re on good hosting (affiliate link to our favorite host, Flywheel), and requiring strong passwords.
You may have already heard of plugin vulnerabilities on some of your favorite websites. But have you ever wondered why some plugins are on the site at all?
The answer usually involves keeping your site up-to-date with plugins that are compatible with the latest version of WordPress or other CMS platforms. Plugins are used to extend the functionality of your website beyond what’s already built into WordPress core. They can be used for everything from selecting colors to creating slideshows to building out the entire site (ex. Elementor).
Whether they’re using WordPress, Joomla, Drupal or another content management system, plugin vulnerabilities are a fact of life these days. If you’re not careful, you could be putting your customers at risk by exposing them to vulnerabilities that have been detected in hundreds of thousands of WordPress plugins.
To help minimize the damage plugin security issues can do to your business, it’s essential to keep an eye on your plugins, CMS core files, as well as logins credentials and update them as soon as possible after they’ve been discovered. This ensures that your website is up-to-date with the latest security patches available for any vulnerabilities that are known as well as any login credentials that might have been stolen or leaked.
At Goldstein Media, we host our clients’ sites and maintain them to keep them up-to-date as well on a daily basis. We insure 30 days of daily backups and daily updates of plugins and core files.
If you’re interested in learning more about what we do for our clients or just want to say hi, drop us a line.
