A couple of unsurprising but notable facts about WordPress security caught my eye recently.
- 93% of security bugs were found in plugins.
- 42% of WordPress sites have at least 1 vulnerable plugin.
SOURCE: Patchstack’s State of the WordPress Security in 2022 Report
Don’t let them get you, update those plugins!
This is the main reason why WordPress plugins should be updated as soon as a new version becomes available. Use a service like ours (learn more about Castle Builder WP Manager) or set your plugins to automatically update. Warning, though, issues can arise when you update a plugin. This is why it’s best to have a professional handle your site. Castle Builder monitors sites we manage so that we can immediately take action if there is a problem.
Even if you keep your plugins updated, you are still depending on the developer of each plugin to keep their plugin secure. So, be careful about the plugins you install in the first place. Only use what you really need to achieve the features you want on your website. If a plugin has not been updated by its developer in a long time, avoid it. It means they may not be keeping with security issues.
What else can you do along with keeping WordPress core files and plugins up-to-date?
Yes, there are additional steps you can take to ensure your site is as secure as possible.
- Don’t neglect to use strong passwords for all admin accounts. They should be impossible to guess. Yes, that means you won’t be able to remember them, either! I recommend using a password saver like LastPass or 1Password.
- Install a security plugin like Sucuri or Wordfence—or both! Even the free versions offer good security features. If you keep them up-to-date…
- And for goodness sakes, back up your site regularly. A clean back up is vital in the case of a hack. There are plugins that can help with this, or backups may be provided with or available through your hosting.
Even with precautions, no website is 100% secure. So, make sure your website is regularly scanned for any irregularities. All Castle Builder hosting plans include daily scans and malware clean up, so you can rest easy. If you host elsewhere, we will review what security services your provider offers, make suggestions, and work with them in the case of a hack. Contact us for more info.