According to a recent article from the great folks at Wordfence, over 55% of hacked websites were compromised through a vulnerability in a plugin on the site. Even the most basic site typically has a handful of plugins on it, so what can you do to keep yourself safe? See below for some tips.
Vet quality plugins
When choosing plugins for your site, there are things you can do to help ensure that you’re using a quality plugin that is unlikely to cause problems. Here are some things to look for:
- How many times has it been downloaded?
- How frequently is it updated?
- How often does the plugin author respond to issues in their support forum?
A big problem arises when a plugin is abandoned and new vulnerabilities go unaddressed. With over 40,000 plugins available, this happens quite often. It’s for this reason that we encourage you to not always look for free solutions, as many times the free plugins are the ones that go stale. A paid plugin from a reputable company will likely continue to be updated longer into the future, though you should keep an eye on things either way.
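The three questions above can be checked mechanically across every plugin you run. The script below is an added example, not code from the original post or from WordPress: the plugin records are constructed, their field names are assumed to follow the WordPress.org plugin-information API, and the thresholds are illustrative assumptions.

```python
from datetime import datetime, timezone

# Constructed sample records. Field names are assumed to follow the
# WordPress.org plugin-information API (downloaded, last_updated,
# support_threads, support_threads_resolved); slugs and numbers are made up.
SAMPLE_PLUGINS = [
    {"slug": "example-forms", "downloaded": 2_400_000,
     "last_updated": "2024-05-02 9:14am GMT",
     "support_threads": 40, "support_threads_resolved": 31},
    {"slug": "example-slider", "downloaded": 850,
     "last_updated": "2020-11-19 4:02pm GMT",
     "support_threads": 12, "support_threads_resolved": 1},
]

# Thresholds are assumptions for illustration; tune them to your own needs.
MIN_DOWNLOADS = 10_000
MAX_DAYS_SINCE_UPDATE = 365
MIN_RESOLVED_RATIO = 0.5


def vet_plugin(info, today):
    """Return a list of warnings for one plugin record (empty list = no flags)."""
    warnings = []
    if info["downloaded"] < MIN_DOWNLOADS:
        warnings.append(f"low download count ({info['downloaded']})")
    updated = datetime.strptime(info["last_updated"], "%Y-%m-%d %I:%M%p GMT")
    age_days = (today - updated.replace(tzinfo=timezone.utc)).days
    if age_days > MAX_DAYS_SINCE_UPDATE:
        warnings.append(f"no update for {age_days} days, possibly abandoned")
    threads = info["support_threads"]
    if threads:
        ratio = info["support_threads_resolved"] / threads
        if ratio < MIN_RESOLVED_RATIO:
            warnings.append(f"only {ratio:.0%} of support threads resolved")
    else:
        warnings.append("no support activity to judge responsiveness")
    return warnings


def vet_all(plugins, today):
    """Map each plugin slug to its list of warnings."""
    return {p["slug"]: vet_plugin(p, today) for p in plugins}


if __name__ == "__main__":
    as_of = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed date for a repeatable run
    for slug, warnings in vet_all(SAMPLE_PLUGINS, as_of).items():
        print(slug, "->", warnings or "no flags")
```

A plugin that trips the update-age check is the abandonment case described above and is the one to replace first.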
Use clean themes
Related to this are the themes that come with lots of features baked in. We always encourage people to choose themes that look and work great but have zero functionality built-in. All of your functionality should come via plugins, so that it’s easier for you to keep an eye on what you have, update it on a regular basis, etc.
Case in point, a few years ago a major security hole was found in the popular Revolution Slider plugin. Those that had loaded it as a separate plugin were able to update it and stay secure. However, it was also bundled into themes as a built-in “feature”, and that caused hundreds of thousands of sites to get hacked, because the site owners weren’t aware of the issue on their site.
Keep everything updated
This should be obvious by now, but keep your plugins (and WordPress itself) updated. Do it carefully, as things can sometimes go wrong, but if you use a clean theme and use quality plugins, the odds of a problem occurring are low.
Keep it backed up
Of course, having “low” odds of a problem occurring doesn’t mean you’ll always be fine. Further, even if you follow every security practice perfectly, there is always an off-chance that you’ll be hacked. In either case, having a solid (recent!) backup of your site can be a life-saver. Your web host likely has one and can help you in case of emergency, but having a second copy is always something you should be doing.
We talked last year about the tools we use to help keep sites updated, backed up and secure. Check out that article to learn how to do it yourself, or hire someone (like us or many others) to do it for you.
How else can I get hacked?
If plugins are 55% of the causes of hacks, that leaves a lot of other situations out there as well. The full post on Wordfence offers tips for keeping your site protected against other attacks and is well worth reading.
If you need further help getting things squared away, please reach out to us and we’ll be happy to help.