When managed effectively, WordPress is a fantastic tool and is well protected, but there are certain measures that any website owner must take to ensure their website and plugins remain secure.
In addition to the vital WordPress updates, you also need to be vigilant with the plugins which your website uses, and ensure they are also monitored and updated, as the recent incident we discuss below highlights.
Not confident in managing the security of your WordPress website and plugins yourself?
IJL Web Solutions offer a monthly plugins/security service as part of which we ensure that the WordPress, theme and all plugins are kept up to date. During this we first back-up the site to a remote location, perform the required updates and then test. If anything fails we restore the back up and discuss with you, to decide how to proceed. Often this will include replacing the plugin with an alternative (when one is delisted or no longer kept up to date). This provides peace-of-mind, ensures that you have the reassurance that all updates are checked and updated regularly. For more details please contact us.
A recent article from Wordfence, highlights a great example of where our plugins/security service would have been invaluable. Issues like this are picked up with our service, but can be missed by yourself.
“If you have a plugin called “Display Widgets” on your WordPress website, remove it immediately. The last three releases of the plugin have contained code that allows the author to publish any content on your site. It is a backdoor. The authors of this plugin have been using the backdoor to publish spam content to sites running their plugin.”
“This company and the individuals behind it appear to be responsible for injecting malicious code into a plugin used by over 200,000 websites.”
The WordFence blog covers article gives the full detail:
www.wordfence.com/blog/2017/09/display-widgets-malware/