The Web Development Silver Bullet: WordPress Security
Everyone knows how easy it is to set up and run a WordPress site. It is all the rage in the business world for non-technical people who need a lot of functionality without spending much of their budget. Developing an app can cost upwards of $100,000, so WordPress naturally makes a lot of sense for most small businesses. WordPress is also wildly popular because a huge open source community develops plugins that extend the functionality of the system itself 100,000 times over. This ecosystem has made it one of the most popular platforms for developing websites in the past 10 years. There are some drawbacks and weaknesses, such as WordPress security, backups, and plugins, that make this ecosystem rife with problems.
Is WordPress Really that Great?
All this greatness does have some drawbacks. The number one problem with WordPress is that, although the community tries to create standards around plugin development, the plugins themselves are supported by individual developers around the globe who may not keep them up to standard with the WordPress platform. This flaw in the system is the #1 source of data loss, malware attacks, and major security vulnerabilities.
When people developing a WordPress site decide they want to start adding 10, 20, or 30 plugins to extend the site’s functionality, that type of unchecked behavior begins to creep into the dark side of WordPress. Not all plugins will be supported once you install them, so as the platform progresses from version 4.5.5 to version 4.5.6, the plugins could fall out of line with the platform updates and standards.
On the website https://wpvulndb.com/, all known WordPress vulnerabilities are published so developers can fix their issues, but the information is also there for hackers, who can use it to raid your site, steal your information, or just shut you down. A WordPress site managing 10, 20, or even 30 plugins (in some cases) can become a target for hackers, so the more plugins you add, the more vulnerable the site becomes.
Does this mean that we stop building our websites in WordPress?
NO! This article isn’t meant to be all doom and gloom. There are 3 surefire ways to protect your WordPress site from hackers and bad actors surfing the interwebs.
First, install and add a comprehensive security plugin, like All in One WordPress Security. With the security plugin you will eliminate half of the bad actors on the internet trying to disrupt your business.
Step 1: Add a security tool like All in One WordPress Security (rated by Infosec Institute as one of the 7 best WordPress security plugins – http://resources.infosecinstitute.com/7-best-wordpress-security-plugins/)
- Includes a firewall
- Stops brute force attacks on the admin login
- Removes scripts that can make WordPress vulnerable
- Monitors users, IPs, and whitelist IPs for users
- Can blacklist IPs from known attackers
Second, add a backup and performance manager like ManageWP. With this solution you will have automated backups with 1-touch restore point on your website host in case your site is breached.
Step 2: Add a backup and performance tool like ManageWP
- Does backups and can restore your site if ever attacked
- Scans site for malware
- Monitors site performance and uptime
- Monitors users
Lastly, stop adding so many plugins to WordPress! If you really want to extend your website, look into developing a custom application or using 3rd-party software that has already been developed.
Step 3: Limit the number of plugins you add to WordPress
- Try to keep the number of plugins limited to 15 or fewer
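One way to check a site against the 15-plugin limit in Step 3, and to spot plugins that have fallen behind on updates, is to audit the JSON that WP-CLI's `wp plugin list --format=json` prints. This is an added example, not code from the article; the sample data and plugin names are constructed, and the script assumes WP-CLI's default `name`, `status`, `update` and `version` fields.

```python
import json
import sys

MAX_PLUGINS = 15  # limit suggested in Step 3 of the article

# Constructed sample in the shape of `wp plugin list --format=json` output.
# Plugin names and versions are made up for illustration.
SAMPLE_JSON = """[
  {"name": "example-security", "status": "active", "update": "none", "version": "4.1.0"},
  {"name": "example-forms", "status": "active", "update": "available", "version": "2.3.1"},
  {"name": "example-slider", "status": "inactive", "update": "available", "version": "1.0.2"},
  {"name": "example-seo", "status": "active", "update": "none", "version": "7.9"}
]"""


def audit_plugins(raw_json, max_plugins=MAX_PLUGINS):
    """Summarise plugin sprawl and pending updates from WP-CLI JSON."""
    plugins = json.loads(raw_json)
    # Must-use plugins and drop-ins are not managed from the plugin screen.
    regular = [p for p in plugins if p.get("status") not in ("must-use", "dropin")]
    outdated = sorted(p["name"] for p in regular if p.get("update") == "available")
    inactive = sorted(p["name"] for p in regular if p.get("status") == "inactive")
    return {
        "installed": len(regular),
        "over_limit": len(regular) > max_plugins,
        "outdated": outdated,
        "inactive": inactive,
    }


def format_report(result, max_plugins=MAX_PLUGINS):
    """Render the audit result as one finding per line."""
    lines = [f"Installed plugins: {result['installed']} (limit {max_plugins})"]
    if result["over_limit"]:
        lines.append("WARNING: plugin count exceeds the limit")
    for name in result["outdated"]:
        lines.append(f"UPDATE PENDING: {name}")
    for name in result["inactive"]:
        lines.append(f"INACTIVE (remove if unused): {name}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Real use: wp plugin list --format=json | python3 plugin_audit.py
    raw = SAMPLE_JSON if sys.stdin.isatty() else sys.stdin.read()
    print(format_report(audit_plugins(raw)))
```

Inactive plugins are listed separately because deactivating a plugin leaves its code on the server; deleting unused ones is what actually reduces the count.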
What does it all mean?
WordPress is no doubt a great platform for rapidly developing a website, but it doesn’t come without its downside. The best practice here is to protect your site, back up your data, and be selective about how many additional plugins you use in your WordPress site, because it could mean the difference between a site that lasts and one that doesn’t.