According to w3techs.com:
WordPress is used by 63.2% of all the websites whose content management system we know. This is 35.7% of all websites.
Which means WordPress is a worthwhile target for hackers. In the PC world it’s why Microsoft with it’s vast market share is targetted more than Mac OS (and conversely why iOS is targetted due to the iPhone’s success).
According to the developers of the WordFence plugin:
We often talk to site owners who are surprised that their sites are targeted by attackers. Most of them assume that if there isn’t any juicy data to steal, like credit card numbers, that compromising their site is a worthless exercise. Unfortunately they are wrong. Aside from data, a compromised site’s visitors can be monetized in various malicious ways. The web server can be used to run malicious software and host content and the reputation of the domain name and IP address can be leveraged.
You can read more on the WordFence blog here.
So that’s why I, and most web developers, offer an annual security and maintenance package to keep your site as safe as possible.
WordPress is regularly updated for both general improvements and security. Plugins also are updated and while it is feasible for users to do these updates themselves I recommend a proper backup strategy before embarking on any major WordPress updates.
Each client will require a different plan, partially depending on what services the website host provides, partially depending on the size of the site, and partially depending on whether it’s e-commerce or not.
Custom WordPress Backups
My preferred hosting provider offers daily backups, fast restore and a staging server option (which allows for the testing of new versions of WordPress and plug-ins without affecting the live site), so my involvement is less.
Custom Firewall Rules To Patch Vulnerabilities
They also manage the overall security of the website at a server and firewall level by keeping track of WordPress-related vulnerabilities and patching against exploits. They add dozens of such rules each year and are able to protect sites even before the official developers release a security update.
However, not all hosts are equal.
If you’d like a security audit on your current WordPress website, or would just like to find out more, please get in touch.