Why You Want To Make Sure Your Site Uses The Latest WordPress Version
- How to check if your website is using WordPress
- Why you should stay up to date on WordPress updates
- How to stay on top of WordPress updates
- Best tips to keep your WordPress website secure
- So, is WordPress secure?
WordPress is available from most web hosting providers with a one-click installation. It’s easy to set up and use, and it’s open source, therefore free to use. This is why many small businesses create their websites with WordPress.
With a very friendly administration interface, WordPress makes it easier for non-technical people to understand and operate the CMS.
But WordPress is equally suitable for enterprise clients. It can be downloaded and installed on your company servers. It’s scalable, flexible, and SEO-friendly out of the box. Additionally, there are great features like a powerful media library, content previews, page revisions, a blog area and a decent user management system.
While small businesses are likely to buy a ready-made WordPress theme with plugins, business customers are likely to opt for custom theme design and development, which gives them more granular control over the appearance and the code that is developed.
WordPress now powers over 35% of all websites on the internet. Therefore, there is a high probability that your company website will be created with this content management system.
Now, you may be wondering: Is WordPress safe? What can I do to make sure my website is safe?
As you might expect, with all the possible combinations of plugins and themes out there, it is reasonable to assume that vulnerabilities exist.
How to check if your website is using WordPress
If an external agency developed your company’s website and you don’t know what technology is behind it, you can find out by doing this:
- Go to the BuiltWith website
- Enter your website URL
- Read the report and see what technology your website uses
- Check the CMS section and see if the WordPress name appears
Why you should stay up to date on WordPress updates
With new security vulnerabilities being discovered every day, you want to make sure your site is up-to-date with the latest version of WordPress.
Your website is the first thing a customer sees before meeting you. Imagine that you are in your busiest period of the year and your website is suddenly hacked. Even if you have a proper backup policy, it will take a little time to restore the situation.
When your site is hacked, it may not be obvious. Your website often looks the same as usual.
Malicious code could have been injected into a file, generating links that Google indexes. You don’t notice anything on your website, but if you go to Google and type “site:yoursite.com”, you might get strange URLs. Other types of hacking result in things like changing your content or redirecting your website to an external URL.
If your website has been compromised, this can also affect other websites that you have on the same server. And your hosting provider may decide to suspend your website, especially if it is on a shared server.
At a minimum, you will spend a good amount of time and energy to restore the situation.
You can minimize the chances of this happening by keeping your platform up to date.
How to stay on top of WordPress updates
There are two ways you can update WordPress, the manual way and the automatic way.
The manual way is more time-consuming, but it can also be safer. It allows you to review and validate the new version before you release it to your live environment. This way, you ensure your site doesn’t crash when updating.
Ideally, you should follow an industry-standard continuous integration workflow. The WordPress updates should be done on a development environment, fixing any bug that may arise. Once stable, changes should be deployed in the testing environment. Ideally, a copy of the live database should be brought to the test server. This allows you to test the new WordPress version with the content that you have on your live website. At that point, you can run automated testing or conduct manual QA and regression testing. This allows uncovering any potential error and prevents any go-live surprises.
Once you validate your website on the test environment, you can deploy with confidence.
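The automated testing step can start as a simple smoke test that requests key pages on the test server after the update and blocks the deployment if any of them is broken. This is an added example, not code from this article; the host `test.example.com`, the page paths, the function names and the sample responses are constructed placeholders.

```python
import re
import urllib.error
import urllib.request

FAILURE_MARKERS = (
    "There has been a critical error on",  # WordPress fatal-error screen
    "Error establishing a database connection",
    "Fatal error:",  # PHP output when display_errors is on
)


def fetch(url: str) -> tuple:
    """Return (status, body); HTTP error statuses are returned, not raised."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def classify(status: int, body: str) -> str:
    """Return 'ok' or the reason this page should block the deployment."""
    if status != 200:
        return f"http {status}"
    text = re.sub(r"<[^>]+>", "", body)  # PHP wraps error labels in <b> tags
    for marker in FAILURE_MARKERS:
        if marker in text:
            return f"marker: {marker}"
    if "</html>" not in body.lower():
        return "truncated page"  # rendering stopped before the closing tag
    return "ok"


def smoke_test(base_url: str, paths, fetcher=fetch) -> dict:
    """Check each path on the test site; return {path: reason} for failures."""
    failures = {}
    for path in paths:
        verdict = classify(*fetcher(base_url.rstrip("/") + path))
        if verdict != "ok":
            failures[path] = verdict
    return failures

# Constructed responses standing in for a test server after an update.
SAMPLE = {
    "https://test.example.com/": (200, "<html><body>Home</body></html>"),
    "https://test.example.com/shop/": (200, "<html><b>Fatal error</b>: Uncaught Error</html>"),
    "https://test.example.com/contact/": (500, ""),
    "https://test.example.com/blog/": (200, "<html><body><h1>Blog</h1>"),
}
```

Calling `smoke_test` without the `fetcher` argument makes real requests, so point it at your own test environment and only deploy when it returns an empty result.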
Best tips to keep your WordPress website secure
1. Keep your WordPress platform up to date
We have explained above why it’s important to keep your WordPress, plugins and theme up to date. But it is equally important to keep your website using the recommended PHP and MySQL versions.
2. Choose a good hosting provider
The next thing you can review is your hosting provider and see how it performs. You can use tools such as Pingdom to evaluate how your server responds when your website is called.
Some hosting providers offer security and performance tools that you may not have activated, so log in to your control panel and see whether there are server cache mechanisms that can be activated, for example Sucuri or Redis. Additionally, sign up with Cloudflare for an extra boost in security and performance, and add their plugin to your site.
Unless you use a managed service, you need to ensure that your server has the latest security patches.
We recommend Pantheon.io to host your WordPress websites, no matter how small or big they are.
Things that we like in Pantheon:
- You have a single panel to manage all your servers.
- By default, you get 3 servers out of the box, for development, staging, and production. They all include an SSL certificate.
- You can see the status of each server, and password protect them as needed.
- You can create backups, and restore your website to a previous version with one click.
- The WordPress core, as well as the plugin code, is write-protected in live and test environments. This feature protects against unauthorized updates that can result in compromise.
- You can update your WordPress to the latest version with the click of a button.
- Then you can deploy your code to test and sync the production database, so you can safely review the new version.
- You can create a branch of your project to develop new features or change your website. This allows you to continue doing normal work on your website while the new version is developed.
3. Install an SSL certificate
Usually this comes with your hosting provider. If not, you can check Cloudflare for a free SSL certificate.
4. Use strong passwords
You should always use strong passwords to access your server and control panel. There are good tools for generating strong passwords and storing them securely. When possible, add a two-factor authentication mechanism for added security.
This is the easiest step you can take to reduce the chances of your systems being compromised.
5. Install a security plugin
Some hosting providers come with pre-defined security plugins, such as Sucuri or Wordfence. Alternatively, check out the free All In One WP Security & Firewall plugin, which comes with features like renaming the login page, limiting the number of login attempts, adding captcha and honeypot components to your forms, hiding WordPress references in your code, disabling editing of theme files, etc.
So, is WordPress secure?
While no system is 100% secure, WordPress has a large community around it to ensure that vulnerabilities are fixed as quickly as possible. New versions are released all the time, most of them to fix minor bugs or to increase performance. But there are also important security releases that you want to make sure are applied to your website as soon as possible.
If you keep the WordPress platform and server well maintained and updated as explained above, all should be good.
Do you need web maintenance services?
An outdated or poorly performing website will cause people to leave your website with a poor first impression of your business. If it gets hacked, you may lose up to 98% of your website traffic.
Agile Digital maintenance plans aim to protect your site from cyber threats by keeping your security systems up to date. When you maintain your security protections, customers will feel more comfortable making purchases on your site.
With an Engineering degree in Business Computing and a passion for travelling, I've been fortunate enough to gain international experience working and living in the US, France, England and Spain. My skill set ranges from technical abilities (Programming, Databases, APIs, Architecture, Consulting) to management/business capabilities (Project Management, Strategy, Finance, Lean Startup).