Wordpress is now estimated to be used on nearly a third of all websites1. Within fifteen years it has gone from an offshoot of an obscure blogging software installed on a couple of thousand websites to a mammoth open-source CMS system used by the likes of estate agents, online retailers, celebrities and some of the world’s largest companies.
Yet, the aspects of Wordpress that has contributed to its success - free, open-source and extendable – has also made it highly vulnerable to hackers.
As an award winning web agency in Salisbury, we regularly get enquiries from businesses that have had their website hacked and need our assistance. Nearly all of these are for websites hosted on Wordpress. And the issue seems to be growing year on year.
It’s a similar story; the client had their website built by a web designer who was cheaper than the competition. They built a nice looking website with Wordpress and everything was great – until it wasn’t. Their website got blacklisted in Google and enquiries dried up or their website was defaced causing massive reputational damage.
Because Wordpress is open-source, its code is available for anyone to see. Hackers trawl through the code looking for vulnerabilities that will allow them to hack websites using Wordpress. As such, throughout its history Wordpress has had many high profile security issues where vast numbers of websites have been exploited2.
Many web designers who lack the technical skill to create a CMS solution for their clients heavily rely on Wordpress and its third party plugins to provide the functionality their client requires. Again, the code for these plugins is accessible for everyone to see, including malicious hackers.
The way to mitigate the risk of being hacked when using Wordpress is to ensure your Wordpress, theme and plugins are always up-to-date.
Yet, this isn’t always enough. Plugins used by web designers using Wordpress often become abandoned so new updates with security patches are forever unavailable. Websites using such plugins are a sitting duck for hackers. Another common occurrence we’ve seen is the web designer has used a premium plugin which the client wasn’t aware would cost a hefty fee annually if you want to benefit from updates (which now should be clear is more of a necessity than a luxury). Without understanding the security risk, many of the clients simply leave the plugin to become outdated and vulnerable.
Wordpress has its place (see 4 reasons to use Wordpress), especially for clients on low budgets. However, our experience is that many of these clients either have to pay more than expected for plugin subscriptions and updates or, for those that don’t stay on top of updates, a larger financial and reputational cost when their website ultimately gets hacked.
If you’re not sure if Wordpress if right for your website then please don’t hesitate to get in touch and we can discuss your requirements and provide honest and helpful advice.
We are Webbed Feet, we build safe and robust websites in Salisbury.