23 June 2020

WordPress Plugins and how they affect the security of your website. If you are not updating, are you asking to get hacked?

Submitted by Chantel Venter
WordPress Plugins and how they affect the security of your website. If you are not updating, are you asking to get hacked?

If you are not doing this regularly – you are asking to get hacked!

In times of chaos, hackers thrive. That’s why since the start of the Covid-19 Pandemic the amount of malware on South African websites increased by more than 300%. In this uncertain time, hackers are preying on the vulnerable and exploiting the situation as best as possible. “Don’t fall victim to cyber threats,” warns Domains.co.za CEO, Wayne Diamond. “Protecting your data should be a top priority,” he adds.

Your website is a good place to actively address your cyber risk, Diamond recommends. “Most people think an SSL certificate and anti-virus programmes are enough to safeguard their data, and these are of course a must, but there is a silent threat most website owners aren’t aware of. Vulnerable plugins,” says Diamond.

Currently, WordPress is the most popular Content Management System (CMS) on the market, offering customers diverse plugins that can optimise and enhance user experience and website functionality. As a result, hackers are targeting WordPress for vulnerabilities. Recent studies have shown that hackers are finding it easier to exploit vulnerable plugins in order to hack a site, rather than attacking the WordPress system itself. In fact, 83% of hacked WordPress sites weren’t updated at the time of the attack.

Running updates for your WordPress plugins is only a part of the solution. “You have to manage your WordPress plugins regularly,” advises Diamond. “This means running updates,  installing reputable plugins only, checking whether you really need all of them, deleting the ones you don’t use anymore, checking whether you have an abandoned plugin installed, and doing all of this regularly.”

How to manage your WordPress plugins to reduce cyber threats 

Limit the amount of plugins you install The more plugins you have, the more developers you entrust with the security of your site and ultimately, the more maintenance you have to do to keep your website safe. When it comes to plugins, less is definitely more. Look for quality. Make sure every single plugin you install is essential to the overall success of your website.

Only install reputable plugins & delete unused plugins

There are tens of thousands of plugins available for WordPress. Choose reputable plugins that have been added to the WordPress.org directory or have been approved by the experts. As important as it is to install good quality plugins, it is also essential to get rid of the ones you aren’t using anymore. Any installed plugin increases your site’s “attack surface”. If it doesn’t serve a purpose, delete it. 

Run plugin updates ASAP 

It is important to run plugin updates as soon as they become available. Multiple studies confirm that a high percentage of hacked WordPress sites weren’t updated at the time of the hack. Developers develop a plugin update with good reason. To fix security flaws, bugs or to improve functionality etc. Cyber criminals know this. The moment an update is released they focus their attention on hijacking sites with the old versions installed before these patches can be applied. 

Check for abandoned plugins 

Sometimes developers become bored with a plugin and stop creating updates for it. We can’ t blame them, but abandoned plugins are bad news for your website. If a plugin hasn’t been updated in two years or more, chances are it has been abandoned. If this is the case, don’t install it or delete it from your website and replace it with a recommended plugin.  Domains.co.za is a leader in the local domain and hosting environment. Together with its value-added solutions in online security, 

Domains.co.za provides small to medium-sized businesses and startups with all the necessary tools to get their businesses online and do so safely. Innovative breakthroughs like its WordPress Hosting, offers advanced features such as smart automatic plugin updates, a feature which saves customers time and offers peace of mind.