A new version of WordPress is out, and it’s time to get updating those sites! Version 4.8.3 was recently released to deal with some SQL injection problems relating to plugins used with WordPress. If they haven’t started already, automated systems will be scanning for vulnerable versions and taking advantage of them. Your site won’t be safe for long and could be used for a number of malicious purposes, ranging from defacement to becoming a hacked site that, without your knowing, collects credentials from phishing emails and unsuspecting users, or worse.
Your website should be regularly updated and monitored, just like everything else (phone, PC, laptop, servers, switches, routers, etc.). Websites aren’t a set-it-and-forget-it situation any longer. Old static HTML pages might have let you get away with a lot more, but all this dynamic flashy code has to be looked after more frequently.
Some good practices
- Install plugins to help secure WordPress
WordFence – A popular plugin, still kept up to date as of this writing, with over 2 million installs. Even a free version is better than nothing. https://wordpress.org/plugins/wordfence/
BulletProof Security – Boasting malware scanning, IDPS, and login security to cover a few of the listed items. https://wordpress.org/plugins/bulletproof-security/
- Update plugins, theme, and WordPress versions regularly
This is harder the more sites you support for clients, or if you don’t have time to check your own website frequently and want to know if there are updates available. I’d recommend something more automated so you can stay on top of it. WP Updates Notifier may be a help to you but looks to have fallen off the maintenance wagon (https://wordpress.org/plugins/wp-updates-notifier/). Mail On Update (https://wordpress.org/plugins/mail-on-update/) has more up-to-date versions.
- Subscribe to a management service to handle watching your website’s health so you don’t have to all the time
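For the "update regularly" item above, one way to check many client sites at once is to read the core version each install records in wp-includes/version.php and flag anything older than 4.8.3. This is an added example, not code from WordPress or the plugins mentioned; the directory layout and site names are constructed, and it checks core only, not plugins or themes.

```python
import re
import tempfile
from pathlib import Path

# WordPress core records its version in wp-includes/version.php as:
#   $wp_version = '4.8.2';
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)
MINIMUM = "4.8.3"  # the release named in the post

def parse_wp_version(php_source):
    """Return the version string from version.php text, or None."""
    match = VERSION_RE.search(php_source)
    return match.group(1) if match else None

def version_key(version):
    """'4.8' -> (4, 8, 0); a suffix such as '-beta1' is ignored."""
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def audit_sites(site_roots, minimum=MINIMUM):
    """Map each site root to (version, status): ok / update / unknown."""
    report = {}
    for root in site_roots:
        version_file = Path(root) / "wp-includes" / "version.php"
        try:
            version = parse_wp_version(version_file.read_text(errors="replace"))
        except OSError:  # missing or unreadable: report it, don't skip it
            version = None
        if version is None:
            status = "unknown"
        elif version_key(version) < version_key(minimum):
            status = "update"
        else:
            status = "ok"
        report[str(root)] = (version, status)
    return report

if __name__ == "__main__":
    # Constructed sample tree standing in for real document roots.
    with tempfile.TemporaryDirectory() as base:
        for name, ver in [("client-a", "4.8.2"), ("client-b", "4.8.3")]:
            inc = Path(base, name, "wp-includes")
            inc.mkdir(parents=True)
            (inc / "version.php").write_text(f"<?php\n$wp_version = '{ver}';\n")
        Path(base, "client-c").mkdir()  # no WordPress files at all
        for site, result in audit_sites(sorted(Path(base).iterdir())).items():
            print(site, *result)
```

Run it from cron against your real document roots and mail yourself any line that is not "ok"; an "unknown" result is worth a look too, since it means the version file was missing or unreadable.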
If you need further help or suggestions I’d be happy to assist.