How to keep your WordPress website safe from hackers

website maintenance

Whether you realize it or not, website maintenance is part of your daily existence if you own a website built with WordPress. WordPress is a content management system (CMS) used to build and power roughly 50% of websites worldwide. Many other CMS are in use, yet WordPress is often chosen due to the nearly limitless options for design, performance, and features that can be built into a website. As a web design agency, we exclusively use WordPress.

Unfortunately, due to the popularity of WordPress, it’s also targeted the most for hacking. Just like computer operating systems, hackers often choose the platform that enables them to have the biggest, most extensive opportunity to carry out their designs. Windows┬« operating system still powers 74% of computers worldwide. If you are a computer hacker, it makes sense to target a system that has a bigger field of play. The same goes for WordPress.

As a website design agency, we spend a fair amount of time providing Service & Support for our client’s websites. We are constantly keeping up with the latest vulnerabilities and threats to WordPress websites so we are best prepared to keep our clients informed and stay up to date on website maintenance. Recently, a particular vulnerability was disclosed that involved two very popular, widely used WordPress plugins, Elementor┬« and WooCommerce┬«. Elementor is a page-building plugin that is very popular among web design agencies and everyday users. WooCommerce is an e-commerce solution used to power online sales of products and services for WordPress websites. If both of these plugins were in use on a website, it was vulnerable to malicious code injection that would allow an agent to take over the website and even redirect it to another website. The vulnerability was only present if both plugins were installed, not just one or the other. A fix for the vulnerability was quickly released by Elementor which closed the vulnerability. We, of course, knowing about the vulnerability, quickly moved to update any of our client’s websites that rely on us for Service & Support.

This morning, we read a feed we follow that showcased what happens when you don’t keep up with your website maintenance:

“Hi fam. My client’s Elementor website got hacked. I’ve read it’s happened to a lot of people recently. We have ElemPro and woo on her site. It was a pretty sophisticated attack. They changed my admin login and a number of other things. I’m worried they installed a backdoor. I still cannot receive emails from the website for two of my user accounts. My hosting company was of little help. They told me to reach out to a security expert. Anyone I’ve looked up is around $500. Am I expected to pay this out of pocket? I’m not sure how this works. I haven’t told the client what the issue is yet. Do I tell her that it was a security exploit with the plugin? Or do I just say, the website was hacked? How does that conversation usually go? I’m nervous. I have no where else to turn for feedback. I’ve been up all night trying to figure this out, I want to exhaust all of my efforts before I reach out to an expert. Help!


A penny saves a dollar

It is extremely stressful when all of sudden, the website you worked so hard on and rely on for your business is no longer under your control. The damage that can result is very disruptive to your business and can damage your online reputation. When I read that post, I honestly felt that.

We talk a lot about website maintenance. This is the reason why. This is the reason why we provide it as a service. Does this mean you need a professional agency to take care of your own website? NO! If you own your own website, you can do this on your own. But you have to be dedicated to staying up on the maintenance needs of your website. Our Service & Support page has a helpful link that shows you how to safely and smartly maintain your own website. If you simply do not have the time to handle your own website’s maintenance needs, contact us. We are happy to help. The money you spend on prevention will save you many times over if disaster strikes when you get hacked!