Secure your business and keep your WordPress website updated

Website security updates

Tom Barrington, founder and lead developer at Makilo, tells us about the risks business owners face when running an online business, including the importance of WordPress security updates and the steps they can take to keep websites safe.

When it comes to flexibility and ease of use, WordPress is a brilliant tool for businesses. Many SMEs rely on it to power key infrastructure such as their online eCommerce shops, drive their advertising or simply showcase their portfolio. So much so that, according to W3Techs, WordPress powers 43% of all the websites on the Internet [1]. What makes WordPress so popular (and whether it deserves this mantle) is keenly debated by web developers, marketeers and business owners alike, but what I’m sure they can all agree on is its popularity as a target for cyber attacks by hackers and criminals.

Why are WordPress security updates important?

Here’s a scary statistic about UK businesses that might surprise you: a recent UK Government survey of SMEs reported that 4 in 10 UK businesses suffered a cyber breach or attack in the last 12 months. What’s more, they estimate the average losses to medium and large businesses to be in the region of £20,000 – a number they acknowledge is likely under-reported [2].

Security in WordPress is taken very seriously, but as with all software and IT systems, security issues may arise if some basic precautions aren’t taken. The same risks apply to any third-party WordPress themes or plugins you or your web developer may have installed on your website. WordPress and these third-party developers combat security issues by releasing updates that aim to plug vulnerabilities as and when they arise. Sadly, this is a never-ending game of whack-a-mole where developers endeavor to stay one step ahead of the hackers. Moreover, it relies on WordPress and the developers of third-party themes and plugins releasing new updates in a timely and regular manner.

Here’s a scary statistic about WordPress websites that might surprise you: 44% of hacks were caused by running an outdated version of WordPress [3]. You’re probably asking yourself a few questions right now:

  • Who manages my WordPress site?
  • When did they last run the updates?
  • Do they even do the updates?

Now here’s the point we want you to take away: if you’re unsure about any of the answers to the questions above, then your business’s website and its customers are likely vulnerable to attack by hackers and criminals right now.

So now that you’re suitably terrified, you may be asking: what do I do now?

The answer might seem simple – I’ll just log into WordPress, click ‘select all’ against WordPress, my theme and all my plugins, then cross my fingers and hit the ‘update’ button – but before you do, consider this:

  • When were the updates last run? Was it 3 months ago or 3 years ago?
  • Will the different plugins still be compatible with the latest version of WordPress – or will there be breaking changes?
  • Is my site still functioning correctly – or can my customers no longer make an online purchase?
  • When shall I run the next updates – or is that it for now?

One way to approach updating your website is to think about it in terms of running your car. You can forget to check the oil regularly, not bother changing the tyres when they’re looking a little worn and ignore the service warning light. Or you can invest time and money in servicing your car and keep it running like a well-oiled machine. Both might still get you from A to B, but ask yourself this: when the annual MOT test comes around, which is more likely to pass first time, and which will leave you broken down with no car and an unknown bill?

How Makilo proactively manage WordPress security updates

At Makilo our team takes a proactive approach to website security management involving our ‘Plan, Test and Update’ process:

  • Planning for updates means understanding your website’s build and the different combinations of WordPress plugins that make it function as a tool for your business. Check the theme and plugins are from reputable developers that actively update and support their software.
  • Testing updates involves reading developer release notes for breaking changes and checking if your key features still function correctly in an environment that’s not going to disrupt your customers. To do this we design a Testing Procedure bespoke to your website.
  • Updates are rolled out to the live website with confidence and minimal disruption to your customers.
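The planning and testing steps above can be backed by a simple triage of pending updates. The sketch below is an added example, not Makilo's own tooling: it assumes the plugin inventory is exported with WP-CLI (a tool this article does not name), uses constructed plugin names and versions, and ranks pending updates so the largest version jumps get release-note review and staging tests first.

```python
import json
import re

# Constructed inventory, in the shape WP-CLI prints for
# `wp plugin list --fields=name,status,version,update_version --format=json`.
# Plugin names and version numbers are invented for this example.
SAMPLE = """[
  {"name": "shop-plugin",  "status": "active",   "version": "6.9.4", "update_version": "8.1.0"},
  {"name": "forms-plugin", "status": "active",   "version": "5.7.2", "update_version": "5.7.3"},
  {"name": "seo-plugin",   "status": "inactive", "version": "20.1",  "update_version": "20.4"},
  {"name": "cache-plugin", "status": "active",   "version": "2.0.1", "update_version": ""}
]"""

def parse_version(text):
    """'6.9.4' -> (6, 9, 4); missing or non-numeric parts count as 0."""
    nums = []
    for piece in text.split(".")[:3]:
        match = re.match(r"\d+", piece)
        nums.append(int(match.group()) if match else 0)
    return tuple(nums + [0] * (3 - len(nums)))

def classify(current, available):
    """Size of the version jump: 'major', 'minor', 'patch' or 'none'."""
    cur, new = parse_version(current), parse_version(available)
    if new <= cur:
        return "none"
    if new[0] != cur[0]:
        return "major"
    return "minor" if new[1] != cur[1] else "patch"

def plan_updates(inventory_json):
    """Pending updates, biggest jump first, active plugins before inactive."""
    rank = {"major": 0, "minor": 1, "patch": 2}
    plan = []
    for item in json.loads(inventory_json):
        available = item.get("update_version") or ""
        jump = classify(item["version"], available) if available else "none"
        if jump != "none":
            plan.append({"name": item["name"], "jump": jump,
                         "active": item["status"] == "active",
                         "from": item["version"], "to": available})
    # A large jump is only a heuristic for "read the release notes first":
    # not every plugin follows semantic versioning.
    plan.sort(key=lambda p: (rank[p["jump"]], not p["active"], p["name"]))
    return plan

if __name__ == "__main__":
    for step in plan_updates(SAMPLE):
        print(f'{step["jump"]:5} {step["name"]}: {step["from"]} -> {step["to"]}')
```

Run against an export from a staging copy of the site, the resulting order gives the Testing Procedure a starting point: components at the top of the list are the ones most likely to carry breaking changes.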

Need help managing your website security updates?

Your website is likely a critical part of your business, so cyber security should be a key concern for all business owners. Taking a proactive approach to keeping your website secure and up-to-date will greatly reduce your chances of becoming a victim of a cyber attack.

If you’re serious about security threats to your business and want to take the burden out of your hands then talk to us about our Website Security Management service.