It started quietly enough, when I received an email from an old client whom I hadn’t talked to in a while.
“I got this email from my hosting company”, she said. “Can you help me?”
I read the email. It was a long, drawn out email full of tech jargon that boiled down to three words:
She’d been hacked.
WordPress software gets updated pretty frequently, and some of the updates are what we call “critical updates”. These are usually security updates due to changes in the tech space, and if you don’t apply them you leave the door wide open for hackers to create a big mess.
This client hadn’t updated her WordPress software or her plugins for years, so it was no surprise that she was in this situation now.
And boy, was it ever a mess.
Needless to say, I was able to get things cleaned up and she was back up and running the same day.
Then another email came in a few days later. Same situation, different client.
In the past month or so, I’ve had five different people contact me, all with hacked websites, and all with outdated software and plugins. Some hacks were simple to fix, others not so much. One was so bad it infected her email accounts as well.
But is it really WordPress’s fault?
I hear lots of developers bad-mouthing WordPress, saying it’s a magnet for hackers, and that people are foolish to use it. They insist that WordPress sites are just destined to get hacked.
I couldn’t disagree more.
Any site can get hacked, really…just look at what’s going on in the world right now! Big corporations and government agencies are dealing with hackers every day. Nothing is truly 100% secure, but there are certainly things you can do to keep things safe.
With WordPress, the best way to keep things locked down is to keep your software updated, and your passwords strong. It’s really not difficult, it just takes a little bit of attention.
And your hosting setup can make a difference, too. If your hosting company doesn’t keep things secure on their end, that’s a recipe for disaster. And if you’re on shared hosting, which most cheap hosting is, you’re basically playing in the sandbox with lots of other folks who you don’t even know. If one of their sites gets hacked and you’re on the same server, you could potentially get hacked too.
If you have the budget for it, I recommend a VPS (virtual private server). I have one with A Small Orange so I know that the only websites that are on it are my site and the sites I host for clients. To me it’s worth the extra expense.
So what happened to these clients?
Well, all the websites got scrubbed clean, patched up, updated, and were given a clean bill of health. Their owners, however, each received a pretty hefty invoice to match.
None of these clients were enrolled in an ongoing support package with me, either. If they had been, this would never have happened. Four of them, however, decided it was a good idea to sign up after going through this experience.
For a small monthly investment, these busy entrepreneurs know that I’m going to keep my eye on things and make sure everything is up to date and clean. It’s one less thing they have to worry about, and it’s worth it to them to save time and avoid the headaches later on.
Your website is important. It’s the face of your business online. Take care of it.
Like to DIY?
That’s cool. If you want to maintain your site yourself, you can set yourself a reminder to log into your website at least once a week, and click on those little red alerts that tell you something needs to be updated.
And while you’re in there, take regular backups of your site, and do a malware scan at the same time.
It’s like maintenance for your car. If you ignore things long enough, eventually something is going to break and you’re going to be faced with a big repair bill.
That said, if you have absolutely no desire to do maintenance on your website and you want to hand it off to someone you can trust, check out our ongoing support packages. It might be exactly what you need!