There are relatively simple steps to protect your site. According to Sucuri’s 2019 Hacked Website Report over 56% of CMS application were out-of-date at the time the site was infected. The WordPress Security Team, a group of 50 security experts, is hard at work constantly updating the core application to combat the ever-evolving threats. While many updates contain general features, it’s the security patches that are critical. Simply updating the core WordPress version to the latest goes a long way to keeping your site secure.
A common secondary issue is the use of unpatched plugins. The plugin ecosystem for WordPress is impressive but it’s important to recognize that not every plugin is well developed and well supported. Vulnerabilities in plugins account for 56% of known entry points in a survey by WordFence.
While its tempting to use a free plugin, and there are many good ones, plugins with paid licenses or support are more often kept up to date by the developer. You should carefully consider each plugin added to your site and make sure to keep them updated. If the developer stops supporting the plugin, switch to a new choice that is patched regularly.
Another foundational issue is the software version used in your hosting environment. PHP is the core technology used on WordPress sites and the current version is 8.0 with versions older than 7.3 no longer receiving security updates (as of Dec 6, 2021). Despite the increasing number of discovered PHP vulnerabilities only 1% of sites that run PHP are on version 8.0. Make sure that you’re using a fully supported and patched version of PHP, or you leave your site vulnerable to known exploits.
Bottom line, WordPress is not build it and forget (no site is). Constant maintenance and patching are needed to protect your business. All Blue Ace Technology managed sites are patched and supported monthly with known vulnerabilities patched asap.