WordPress is a popular blogging platform that’s often used to build whole websites. Some also use the blogging features.
Extending WordPress is simple. Many third-party vendors offer plugins to add functionality, such as building a contact form or enhancing image layout. Some are free to use, and others are “freemium” or paid.
WordPress also features themes, which are similar to plugins in that third-parties develop them, but they’re installed and managed differently. Usually different vendors, too.
But what these all have in common are the core WordPress framework, the “look and feel of a WordPress website” – the theme, and one or more plugins to extend site functionality and management.
WordPress is typically hosted on Linux and administered using cPanel software. Its written in PHP, a scripting language, and it sports a MySQL database to store content of pages and blog posts. Geeky details.
If your site’s only content and you’re regularly backing it up, WordPress is great (free – only hosting) value.
But. Improperly managed WordPress is swiss cheese. Whole holes of security.
Companies routinely extend WordPress with those plugins. After all, this software’s been around a long time, and WordPress routinely updates its versions.
But do you? And do you regularly manage which plugins you use and monitor for vulnerabilities? Likely not. WordPress doesn’t control the code or quality of those plugins – so keep that in mind, too.
A few tips for those of you using WordPress sites, whether for personal websites or business websites:
🧀Choose a username that isn’t the default name WordPress offers of administrator.
🧀Use a strong password with that cryptic username
🧀Add multifactor authentication to WordPress. Yes, you can do that.
🧀Remove unused themes.
🧀Remove unused plugins.
🧀Ensure all plugins and WordPress itself are current versions.
🧀Understand third-party risk. A whole other “someday” post, but you can search it.
🧀Intentionally consider your risk if you’re using plugins that take information from consumers or businesses and storing that information in your website’s database.
🧀Regularly evaluate if your website may be outgrowing this model – if you’re taking credit cards, for example. There are plugins that accept credit cards, for example.
🧀Know what plugins your site uses and monitor for vulnerabilities. Yes, this is difficult. Someone needs to do it, though.
Websites are public. Secure them.
If you sell cheese online, give a shout in the comments.
(If you typo and add an “s” in front of word, you get sword – I realize this post was merely informative and not witty, only cheesy, so I had to add something).
#wordpress#wordpresssecurity#cybersecurity#businessrisk#smallbusiness#smb#websitesecurity
