Are You leaving Your WordPress Website Vulnerable to Attack?

Laptop with WordPress website on screen

Do you have a WordPress website? If you do, you’re in good company. WordPress sites actually make up 14.7% of the Top 100 Websites in the world including TED, NBC, CNN, TechCrunch, People Magazine, the NFL, Best Buy, CBS Radio, and UPS to name just a few. In fact, according to a study published by whoishostingthis.com, 35% of the entire internet is powered by WordPress and according to W3techs, WordPress has 61.8% of the Content Management System (CMS) market share – more than all other systems combined. Not only that, but WordPress is STILL growing!

The question is, do you really need to update WordPress EVERY TIME there is a new update? Actually, yes – there can be huge costs to ignoring those update notifications on WordPress. You have to be proactive and make sure your WordPress site is updated regularly. There are several reasons why.

Why keeping your WordPress Site Updated Is So Important:

1. Security

Website Security for WordPress

Since WordPress is open-source, anyone can study the source code to learn and improve it. This is great and is the reason why WordPress has so many amazing free plugins. But this also means hackers can study the source as well and find ways to compromise WordPress websites. Updating to the latest version of WordPress avoids the vulnerability that could have been in the previous versions. This prevents hackers from inserting malicious code.

How do you know your website has been hacked?

Sometimes, it is subtle, like your email list grew ten-fold overnight. Or, your website resources are working at full capacity all of a sudden but you normally do not have that much traffic. You may find plugins installed that you never installed, or new users/administrators in your WordPress. Here are some more obvious examples of website hacks:

Your password has been changed without your knowledge:

Wordpress login screen

Your WordPress database cannot be found:

database error message

You get a redirect notice when going to your website:

redirect message

When googling your website, you receive this warning:

google website may be hacked message

You receive this warning when visiting your website (if you don’t have an SSL certificate and your site is not secure, this can be the issue. Read our blog post on Security Warnings for more information on this):

site may contain harmful programs message

Your website has been defaced (here are some examples of what that could look like):

vogue website defacedutah office of tourism defaced angry birds website defaced

So, the saying “If it ‘ain’t broke, don’t fix it” simply doesn’t apply to WordPress sites.

2. Bug Fixes

big fixes

Despite the rigorous testing before updates are released, sometimes bugs may slip through the cracks. Bugs are errors in a computer program or system that make it behave in a way that the developer didn’t intend it to. Bugs can cause weird glitches or even make things crash. To make sure your website keeps running smoothly, it’s essential to implement these fixes, and with each WordPress update, bugs are addressed and fixed.

3. Performance and Features

New Features and Performance

WordPress is continually being improved. Each new release and update contains new features and performance improvements that allow your website to function better with greater performance and speed. Better performance means better SEO, therefore you want to make sure your site is up to date to take advantage of the best possible organic SEO ratings Google has to offer.

4. Plugins and Theme Updates

Plugin and Theme updates

Don’t forget to update those plugins and themes as well! WordPress core installation is not the only thing that can be exploited – don’t ignore those plugins and WordPress Theme. Plugin and theme developers may coordinate their updates with major WordPress update releases to warrant they are taking advantage of new WordPress features. If you are not updating your plugins and theme when an update is available, you could be limiting the functionality of your site or even leaving your site vulnerable to security risks.


Now that you know that it is important to keep your site updated (and why). How in the world do you update your site?

Minor releases that include security and bug fixes are sometimes updated automatically, which is awesome! However, you will need to log in to your WordPress dashboard regularly to see major WordPress updates, PHP updates, and when plugin updates are available.

If you haven’t updated your website in a while, the process could take some time and there could be issues that need your attention. This is great if you have WordPress knowledge – kudos to you; however, we highly caution you if you aren’t certain, as you can break things. If you run into this issue, contact us, we can help.

Pro Tip: In some cases, an update to these plugins or themes can actually break your existing WordPress plugins. This happens when plugins aren’t compatible with your version of WordPress. It is important to keep regular WordPress backups and to check your site after updating that all your plugins work and that your site is running (and looking) the way it should.


Feeling Overwhelmed? Don’t have the time to Regularly Maintain your Website?

We can help you with that. Check out some information about our maintenance plans here; we can take the guesswork out of maintaining your website.

TrevNet Maintenance Plans

It is key to remember that just like in car ownership, a website needs maintenance, and maintenance is always cheaper than repair. That is why there are mechanics to help with that maintenance and repair! Let us help you with your website maintenance. We have plans that take the stress out of remembering when and how to update your website so you can focus on what your specialty is – running your business. Our area of expertise is development and we know websites!

Review information about our most popular maintenance plans here, and if you need a custom solution for your business, contact us – we would be happy to talk with you.

Security Warnings: Is Your Site In Danger?

Google has announced that in just a couple of short months Chrome will start showing security warnings on HTTP sites that have any text input fields in them.

Breaking it Down: What Does That Mean, Exactly?

If you have a blog that can be commented on, a newsletter sign up form on your website, members only content that requires a login – anything that is interactive with your users and has an field where people type into on your website will show a warning that it is “NOT SECURE” starting October 1, 2017.

BOTTOM LINE: This WILL effect the users ability to access your website!

Google is the first web browser to jump on board with this, and has been marking login forms, certain websites and credit card forms not secure for a while, but, there was a story earlier this year where Firefox reported already showing these warnings on un-encrypted login pages.

These safety precautions are all steps to ensure a better, secure, internet environment for all users moving forward; making it harder for cyber criminals to intercept information over the web.

These are just the first steps, with websites having forms being the first to be flagged. However, it is the goal to have ALL websites eventually go to HTTPS (sooner than later).

This goal may be closer than you think. We had a client’s entire blog site blocked from being shown at all to users in Europe just last week because it was not an HTTPS site and deemed “NOT SECURE”. This is taking it a step further from just a warning in an input field – the whole site was marked not secure and was not shown to the user at all.

What does this mean for you?

If you are the owner or manager or a website, this affects you, and your website needs to be secure. You can secure your site and prevent these “NOT SECURE” warnings by moving your site to HTTPS. This is done by installing an SSL Certificate.

We did a blog post a while back on how you can get a free SSL certificate From Let’s Encrypt and the benefits that comes with them (I’ll give you a hint: Search Engines love SSL Certificates and your SEO will thank you!).

If you are a current TrevNet Full Service Hosting customer and you’d like to take advantage of a “Let’s Encrypt” FREE SSL Certificate on your site, contact us to get started.

HUGE Google Changes – Is your site ready?

responsive devicesStarting today, April 21, 2015 Google will be making a HUGE algorithm change that will affect all mobile searches.

The new change outranks both Panda and Penguin in terms of scale according to Google’s Webmaster Trends analyst Zineb Ait Bahajji. It is predicted to affect 40% of  all websites. If you haven’t felt the effects of this change, you will soon!

Whether you have a website, landing page or blog, you WILL be affected by this change. The question is…are you ready for it?

We have been preaching about keeping your website up to date for quite some time. Check out our blog post back in 2013 explaining some of the benefits of keeping your site fresh and new.

mobilegeddenThe change will only take about a week to complete and is so significant that April 21st is being referred to by several names including mobilegeddon, mobilepocalyse, mopocalypse or mobocalypse!

The end isn’t [that] near! The best way to figure out whether your site will reap the benefits of this algorithm change (or if you will be penalized after the update), is to analyze your site and Google was generous enough to provide the link for a simple test:

 

https://www.google.com/webmasters/tools/mobile-friendly/

If your site is mobile-friendly, congratulations! You won’t fall victim to these apocalyptic changes. However, if your site doesn’t meet these mobile-friendly standards, it’s time for an update!

Not to worry, we’ve got you covered – contact us by phone, email, telegraph or carrier pigeon and we will be more than happy to get your site up to par.

slide01-imagesThe best way to ensure your site won’t be affected, is to make your site Responsive. Responsive design is the process of creating a single web site that has the ability to adjust its layout, based on the size and orientation of the users display as well as the browser it is being viewed on. Simply meaning, your website “responds” to the device it’s being displayed on for optimal viewing.

We’ve been doing responsive design for a while now, check out some of our favorites:

Aqui Cal-Mex
Pelvic Health and Rehabilitation
Amy Dixon Fitness
Jonathon D Fischer Foundation

Or check out our portfolio for more examples.

Don’t wait until you are no longer competitive in your search rankings. Contact us – we’ve got your back!