
WordPress Security Attacks Dec 2016 And Take-Home Conclusions

WordFence – the WordPress Security company – has released a report of WordPress attacks globally in December 2016 which makes for interesting reading.

Among the top 25 IP addresses responsible for attacks on WordPress websites, 80 million attacks originated in Ukraine, from four netblock owners:

  • PE Tetyana Mysyk
  • Pp Sks-lugan
  • Kyivstar GSM
  • ISP Datasvit network

24 million originated in France and 18.4 million from Russia.

 

The report splits the data into two types of attack:

  • Brute force attack – which tries to guess the WordPress password
  • Complex attack – which tries to exploit a vulnerability in WordPress or an associated plugin.

Complex attacks (63 million) were found to come from fewer, more active IPs – a finding the authors attribute to the fact that these are more sophisticated attackers who have the ability to attack vulnerabilities, and in huge volume.

During December 2016 there were more than 3 million to 8 million blocked complex attacks per day.

Brute force attacks (67 million) were more common and came from a higher number of IPs, but at a reduced volume – as these attackers are less sophisticated.  Furthermore, the brute force attack is likely to be far less successful due to the very nature of the attack.

Towards the end of December 2016, there was a huge peak in blocked brute force attacks, reaching over 45 million in a 48 hour period.

Take-Home Conclusions

What Does This Data Mean For Your WordPress Security?  It re-emphasises the importance of being vigilant about your WordPress security.

Brute force attacks can be blocked by various plugins, such as the WordFence Security plugin, and it is essential that you install one on your website.

If you’re unsure how to add this type of plugin or are concerned by the warning they display before installing, please feel free to contact us for installation assistance.

Since complex attacks are targeted at vulnerabilities in WordPress themes and WordPress plugins, you can reduce the risk of attack by keeping your core WordPress system and plugins up to date.  The data reported showed that all attacks were via publicly known vulnerabilities, and many of these plugins dated back to 2012.

Read the full WordFence report here.

If you’re worried about your WordPress security, we offer a FREE security audit which examines, detects and provides a fully detailed report looking at potential vulnerabilities within your WordPress website.

Alternatively contact us to discuss any concerns you have about your WordPress website – we’re sure to be able to help.


Choosing Web Hosting For WordPress – Knowledge Is Power!

When you need web hosting for your WordPress website, it can seem a little daunting to know what to choose – and if your website is your first, you may even be a little hazy as to what web hosting is! So let us arm you with some knowledge so you understand what web hosting is and how to choose the best hosting company for your WordPress website.

1. What Is Web Hosting?

To get your website seen on the internet it has to be placed there, otherwise it won’t be available to website users.  Web hosting companies own and maintain powerful web servers which store your web pages, and “serve” them to your visitors.

There are many web hosting companies around – but when you decide which to use to host your WordPress website, you need to consider the following essential points.

1.1 Amount of web space

Around 1Gb is fine if your website is small and your website traffic is likely to be modest.  Big, complicated websites with lots of functionality (online purchasing, online booking, forums, lots of images and video etc) which attract many visitors would do best to choose hosting with unlimited web space.

1.2  Website speed

It’s important that your website has pages that are fast to load – slow websites aren’t enjoyed by visitors and your site could actually get penalised in Google search results if it is very sluggish.

1.3  General Shared or Private Server Hosting

General shared hosting is offered by companies such as GoDaddy, Bluehost and  123 Reg etc. This is great for small personal sites and low budgets, where uptime and site speed aren’t critical.

However shared servers are less suited to websites with large volumes of traffic.  They won’t scale well and with too much traffic, your site is likely to go down.  Also website speed is affected by what your “neighbours” are running on their sites concurrently.

Private server hosting means you have resources that are not shared by others.  This provides more power and flexibility than being on a shared account.

1.4 WordPress specific hosting

WordPress specific hosting may be slightly more expensive than general hosting. However it’s definitely advantageous because WordPress has “application specific” nuances that affect hosting providers.  Managed WordPress hosting providers specialise in these nuances and optimise caching, security, and support for WordPress sites.

In addition, this type of hosting means pages can be served faster and WordPress specific security issues can be patched quickly with the release of each new WordPress version.

1.5 Whether you need CDN (Content Delivery Network) services

A Content Delivery Network (CDN) is a service that can help the static content on your site (images, CSS, Javascript) load much more quickly.

A CDN is a collection of servers located all around the world. When a browser loads static content, the request is automatically routed to the server geographically closest to the browser. This helps the content load much more quickly. In addition, because your content is loaded from many servers in separate locations, bursts of traffic are less likely to cause issues, because the burst is spread out over hundreds of servers, rather than just one.

1.6 If you require an SSL option

HTTPS, the secure protocol for the web, safeguards your visitors by creating encrypted connections between your visitors and your site, protecting your visitors’ privacy and the data they share with you over the internet.

In addition to providing enhanced security, HTTPS can provide search engine ranking improvements.  Read this article for more information on https for SEO.

1.7 Service Level you expect from the hosting provider

The amount of support you receive depends on the platform you choose and the operator – so check the service level agreement before signing up. Things to consider:

– network availability  – does the host guarantee 100% network availability (excluding scheduled and emergency maintenance)?

– assistance – how can you contact the host? Are they available 24/7? How quickly will your query be dealt with?

 

2. Which Are The Best Web Hosting Companies?

There are thousands of hosting companies so it’s important to select a company you feel comfortable with and who you believe will provide a good service and value for money.

Many are multinational companies like GoDaddy, Bluehost, HostGator etc. who have tens of thousands of clients, who are consequently treated as one of many.  There are also companies like WP Support Specialists who deal with smaller numbers of clients and build up a good working relationship with them in a more personal way.

Here’s a list of 5 of the biggest WordPress website hosting companies with links through to customer reviews:

After reading this article we trust you are armed with the knowledge you need to choose the best web hosting company for your WordPress website!

If you’re interested in our website hosting services (for that personal, yet knowledgeable service!) take a look at our options here, or contact us for a no obligation chat.

 


WordPress Themes – 10 Foolproof Tips To Help You Choose Wisely

WordPress themes provide the look, style and much of the functionality of your website.  When you’re creating a new site, you need to think about your brand colours, font styles, page layouts and where you want any widgets to be located – then choose a WordPress theme that delivers what you need.

The good news is that there are literally tens of thousands of WordPress themes to choose from – so you’re certainly spoilt for choice.

The bad news is that there are literally tens of thousands of WordPress themes to choose from – so how on earth can you choose the best for you?

We’ve created some simple tips to help you narrow down your choice so that you find the absolute gem-of-a-theme that works for you – and we’ve included some handy links to websites offering WordPress themes at the end.

1. Price

Both free and premium (paid for) themes are available. Thousands of free themes are absolutely great but paid WordPress themes tend to be updated more frequently (see point 8).

2. Theme layout

Choose a theme that will enable you to lay out your website as you need to.  Remember a great user experience and ease of navigation are essential, so often it’s the simpler themes which are the best choice.

3. Exclusivity

If you want to have a website look not shared by many others, a premium WordPress theme may well be the best choice as fewer websites are likely to use it.

4. Plugin compatibility

Make sure the theme supports all popular WordPress plugins. If in doubt, check with the theme developer.

5. Mobile responsiveness

All good themes should be mobile-friendly, however, it’s worth checking out the theme demo page URL using Google’s Mobile Friendly Test.

6. Page Loading Speed

Choose a theme that’s not too slow to load.  Check out the URL of the theme’s demo page on a free page speed checker such as GT Metrix.

7. SEO friendliness

A good WordPress theme will “show” your website to the search engines using the right html code.  Check with the developer that the theme is SEO optimised.

8. Date of last update

Recent updates mean the theme developer is routinely fixing bugs and making improvements.  Anything that hasn’t been updated in a year or more should be avoided as it may no longer have support and is likely to cause more problems than it’s worth.

9. Customer feedback and reviews

See what others are saying about the theme and whether their feedback flags up any areas of concern for you. Look to see how quickly the developers respond to questions and feedback.

10.  Support

It’s always best to choose a theme with support from the developers. You may have to upgrade to a premium (paid) theme for this, but it means they’re available to help if you somehow mess up the theme.

 

Where to find WordPress Themes:

WordPress.org – Biggest place to find free themes

Theme Forest – Huge selection and good prices

iThemes – Hundreds of themes to purchase

Creative Market – More creative and expensive

 

Shop around, check out the different themes available and check them against our handy tips list.

If however you know exactly what you need and it just doesn’t seem to exist, you can work with a WordPress web design company to have  them create a custom designed and developed WordPress theme.  Then you’ll be confident it looks exactly as you want and does exactly what you need – and will be completely unique to you.

We are experts in all things WordPress.  We can develop custom WordPress themes and offer a wide range of WordPress support services – hosting, maintenance, optimisation and migration. Feel free to contact us for a no obligation chat to discuss your requirements.

 


WordPress Plugins – 10 Essentials Every WP Website Deserves

The beauty of WordPress plugins is that they can be simply installed on your WordPress website to increase its functionality.  By itself, the core WP system is lean, and functions on the bare essential coding.  But by installing carefully selected WordPress plugins, you can create a mean machine which functions precisely as you need it to.

You may need a live chat option, an eCommerce option, a sign up form option – there are thousands of plugins to match your needs.  But here we’re focusing on 10 essential WordPress plugins that every carefully nurtured WP website deserves.  These will help your website function optimally and will improve its search engine optimisation.

SECURITY                        

1. Sucuri Scanner


This plugin is a toolset for security integrity monitoring, malware detection, audit logging and security hardening.

2. WP Security Audit Log


This plugin allows you to keep an audit trail of all changes made on your site. Very handy if you have multiple users with access to your site.

3. iThemes Security


This plugin (formerly Better WP Security) gives you over 30 ways to secure and protect your WordPress site.  It also offers advanced features for more experienced users to harden WordPress security even further.

 

CAPTCHA

4. Google Captcha 

Prevents spam login registrations and spam comments whilst letting real people get through easily – they simply need to confirm that they are not a robot before they submit a form.


BACK UPS

5. BackUpBuddy 


Essential to backup your WordPress site and content – one of the most fundamental good practices for all WordPress websites.

 

EASE OF USE

6. Duplicate Post


This plugin allows you to clone a post or page, or edit it as a new draft – making life so much simpler!

 

OPTIMISATION

7. Smush 


A great plugin to easily optimise your image file size to improve website performance and boost your SEO.

8. Hummingbird 


Hummingbird checks your whole site to find ways to improve loading speed – from file compression and size reduction to browser caching.

9. W3 Total Cache


A plugin to help with SEO and performance optimisation of your site via caching.  However it is difficult to develop the site when cache is enabled so better suited to small businesses that make infrequent site updates.

10. Yoast SEO 


A great helping hand to get your website fully search engine optimised.  It guides you through your on-page SEO by prompting you to define a focus keyword, and ensuring the page URL, SEO title, metadescription and image Alt Text are all relevant to this keyword.

This great guide for using Yoast in WordPress should give you all the information you require.

All WordPress websites need to be given the very best chance – in terms of performance, security and SEO.  And we believe these 10 essential WordPress plugins are deserved by absolutely all WP sites!

We are experts in all things WordPress, and if you need any help or support with your site – hosting, maintenance, optimisation or migration – then just contact us.


WordPress Version 4.7 And News Round Up December 2016

WordPress Version 4.7 – All you need to know

WordPress does like to name its new versions after legendary folk – and WordPress version 4.7 is no exception!

Named “Vaughan” after jazz vocalist Sarah “Sassy” Vaughan, the latest WordPress update is now available from your WordPress dashboard or via download (after you have done a complete backup of your site, of course).

Some of the new WordPress version 4.7 features we love include:

– a new default theme “Twenty Seventeen” which people are raving about for its large images, video headers and mobile-first design

– thumbnail previews of PDF files in the media library

– “edit shortcuts” – visible icons shown in preview mode which allow you to edit in one simple click

– multiple languages in the dashboard, ideal for multi-lingual teams

For a more complete overview of WordPress v4.7, check out this article from WordPress.org

News Round Up December 2016

Top 15 Most Popular Multi-Purpose WordPress Themes 2016

Multipurpose WordPress themes are hugely popular – no surprise since they have extensive feature lists and a wide range of powerful tools built in.  Here’s a review of the top 15 most popular multipurpose WordPress themes, based on sales figures, reputation, and usage.

From WinningWP – Read the article here

How to Style WordPress Navigation Menus

For anyone who wants to customise the colour or appearance of their WordPress navigation menus – using a plugin or manually – this is a must read article.

From wpbeginner – Read the article here

On-Page SEO – 10 Bare Necessities To Boost Rankings 

Unsure about your on-page SEO?  Think it’s all beyond you? Well help is at hand with this article which details 10 important ways to optimise your web pages to help your site rank better in the search engine results.

From Blinkered – Read the article here 

Why is SSL Important For Your Site Security?

A great overview of why your website needs SSL, or Secure Sockets Layer, including an overview of http:// and https:// – and why Google favours https:// websites in the search engine rankings.

From WPLift – Read the article here

15 Creative Free WordPress Themes For Artists

An overview of some of the best WordPress themes for artists, photographers and other arty types who wish to showcase their work.  The themes include animation and parallax effects, plus support for WooCommerce for those who wish to sell their work.

From WPeka – Read the article here

Need WordPress Help and Support? Ask Us!

We hope you find this blog informative and useful.  If you need help with your WordPress website, just contact us

We deal with WordPress emergencies, regular WordPress Maintenance, hosting, migration, security audits and optimisation.  We’ll let you know how we can help – and you can be assured of fast, friendly and efficient service each and every time!


WordPress Website Security: 20 Ways To Give Hackers The Runaround

It’s a sad fact that malicious malware and website hacking are an all too common reality.  Therefore it’s imperative to seriously consider your WordPress website security and take appropriate steps to keep it out of the clutches of hackers.

Our list below outlines 20 easy steps you can take to maintain your WordPress website security at a high level, and give those pesky hackers the runaround!

1. Secure the login page – the standard website login page can easily be reached by adding /wp-admin/ or /wp-login.php to the website URL.  Change this to prevent hackers from finding your login page with ease.

2. Change the admin username – never use “admin” as the username for your main administrator account.  Change it to something which hackers won’t be able to guess.

3. Password control – ensure your passwords are strong by using upper and lower case letters, numbers and special characters. Change them regularly.

4. Use a login captcha – add the captcha function to your login page to prevent robots continually trying to access your website.

 


 

5. Set up a lock down feature – use a plugin such as iThemes Security to lock down access after a predetermined number of failed login attempts. The user’s IP address also gets banned.

6. Protect the wp-admin directory – use a password to protect entry to this directory which is at the heart of any WordPress website.

7. Use an SSL (Secure Sockets Layer) certificate – this encrypts data between the browser and website server, protecting it from attack by hackers.

8. Manage user accounts carefully – if you grant another user access, ensure that they too have a strong password.  When the user no longer needs access, ensure you deactivate their access.

9. Set appropriate levels of access – any user with admin access to your site can edit files, plugins and themes.  Manage this by giving users the level of access they need.  For example, if a user only requires to edit pages and posts and add new images etc. then they only need “Editor” level permissions, not admin.

10. Use security orientated plugins – eg. Sucuri Scanner and WP Security Audit Log

11. Use only reputable themes and plugins – only ever use themes and plugins from reputable suppliers, and ones which have been recently updated – which indicates they will be protected as far as possible against malware threats and be compatible with others.

12. Delete plugins or themes that you don’t use – if you’re not using them, you’re likely to forget to update them. So best delete them to prevent hacking. This also helps to improve the speed and operation of your site.

13. Choose a secure hosting company – opt for the best hosting you can afford, ensuring that the company addresses security vulnerabilities on its own host.

14. Make regular secure backups – ensure your website is fully backed up, so in the event of hacking, you have the backup to revert to.  BackUpBuddy is a great plugin which automatically backs up your site.

15. Monitor for Malware – run regular Sucuri checks (which are free) but bear in mind that, depending on the infection, they don’t always show a problem.

16. Remove any malware as soon as possible – if your site has been infected, you may not be able to remove the malware yourself.  In that instance you will need to pay a WordPress specialist company to fix the problem.

17. Update core system as new versions are released – WordPress versions are regularly updated to fix bugs and prevent vulnerabilities that have been identified in the previous version.  Your dashboard helpfully shows when new versions are available.  However before doing any updates, ensure your site is fully backed up.

18. Update plugins as new versions are released – check for new releases in the plugin section of your website.  Before you update any plugins, ensure they are compatible with the core WordPress version you are using. Also make that all important website backup before you do anything.

19. Accessing your website – when logging in from your computer, ensure your PC is virus-protected by installing antivirus software (eg. AVG, Avira, Comodo).

20. Use some common sense!  Never log into your website on an unsecured network!
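
The lockdown rule from tip 5, sketched as an added example (it is not code from iThemes Security or any other plugin named here): it counts failed `wp-login.php` POSTs per IP in a sliding window over constructed access-log lines and reports which IPs would be banned. The threshold, the window, and the assumption that default WordPress answers a failed login with HTTP 200 and a successful one with a 302 redirect are illustrative choices.

```python
"""Lockout after repeated failed WordPress logins, evaluated over access-log lines."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in combined log format (documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.44 - - [28/Dec/2016:10:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Dec/2016:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Dec/2016:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.23 - - [28/Dec/2016:10:00:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2810 "-" "Mozilla/5.0"
198.51.100.23 - - [28/Dec/2016:10:00:20 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Dec/2016:10:00:25 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Dec/2016:10:00:27 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.23 - - [28/Dec/2016:10:00:40 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.23 - - [28/Dec/2016:10:01:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.23 - - [28/Dec/2016:10:02:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
this line is not a log entry
192.0.2.44 - - [28/Dec/2016:10:10:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
192.0.2.44 - - [28/Dec/2016:10:20:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

MAX_FAILURES = 3                 # illustrative threshold
WINDOW = timedelta(minutes=5)    # illustrative window


def parse_line(line):
    """Return (ip, timestamp, method, path, status), or None for unparseable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("method"), m.group("path"), int(m.group("status"))


def is_login_post(method, path):
    # Ignore any query string so /wp-login.php?action=... is still matched.
    return method == "POST" and path.split("?", 1)[0] == "/wp-login.php"


def find_lockouts(lines, max_failures=MAX_FAILURES, window=WINDOW):
    """Map each IP that reaches max_failures within window to the time it is banned."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failed logins
    banned = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, method, path, status = parsed
        if ip in banned or not is_login_post(method, path):
            continue
        if status == 302:
            # Assumed success (redirect to the dashboard): forgive earlier typos.
            recent[ip].clear()
            continue
        if status != 200:
            continue
        # Assumed failure: WordPress re-renders the login form with 200.
        failures = recent[ip]
        failures.append(ts)
        while failures and ts - failures[0] > window:
            failures.popleft()    # drop failures that fell out of the window
        if len(failures) >= max_failures:
            banned[ip] = ts
    return banned


if __name__ == "__main__":
    for ip, when in find_lockouts(SAMPLE_LOG.splitlines()).items():
        print(f"ban {ip} at {when.isoformat()}")
```

The slow guesser (192.0.2.44) and the user who mistypes twice before logging in (198.51.100.23) both stay under the threshold, which is why lockout rules are usually paired with the other tips rather than relied on alone.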

We hope you find these 20 tips about WordPress website security useful and that you’ll crack on with implementing them – the sooner you do, the sooner you’ll be giving potential hackers a much tougher time!

If you need help to maintain your WordPress website security – or indeed have any other WordPress related question – why not drop us a line? We’re sure we’ll be able to help!


Using Yoast in WordPress – Simply, Logically And Effectively

If you’re using Yoast in WordPress, are you confident you’re using it properly?  We love Yoast but know that many people don’t use it to its full potential – so let us guide you through the process.

Firstly, let’s clarify that Yoast is a great WordPress plugin which helps the search engines find your website in response to relevant keyword searches.  It also gives you control over how the search engines display your results in the search engine listings.

And why is this important?

a) You want your website to show high in the list results when someone searches using keywords relevant to the products and services you offer

b) You want customers who see your listing, to be sufficiently interested in what you have to say that they feel compelled to click through to your website.

 

However Yoast can only work as well as the information it is given to work with.  And to understand this, you need to appreciate a very fundamental concept about on-page search engine optimisation:

Each web page has unique content – so ensure you optimise each page with a unique keyword (or keyword phrase)

 So for example:

Page URL – Assuming you have set up your website logically, the URL of each page should contain the main keyword which describes what the page is all about

Page Content – Similarly the content of the web page will relate to the main keyword, and will be “supported” by supplementary keywords which naturally flow within the text.

This keeps things nice and simple for the search engines – they can easily understand what each page is about, and when to offer it up to someone who is searching for things that appear on your page.

 

Using Yoast in WordPress

We’ll take our own website as an example to show how using Yoast in WordPress can be wonderfully simple and logical.

Our WP Support Specialists website is a fairly simple layout – we have a range of services, and each has its own unique page with its own unique url.  For example our Emergency WordPress support page:

https://www.wpsupportspecialists.com/emergency-wordpress-support/

Using Yoast in WordPress from WP Support Specialists

It’s pretty clear when you look at this page that the content is all about providing support to people who are in the throes of a WordPress emergency.

But the important thing is for the search engines to be just as clear – and this is where using Yoast in WordPress is going to help us out.

 

 1. Dashboard

In your dashboard, you’ll see all your pages.  For this draft Emergency WordPress Support page, you can see that the SEO column has a grey circle – this shows that no Yoast SEO has been undertaken.

We’re going to use Yoast and get that grey button turned to green.

using yoast in wordpress


 

2. Yoast Overview

Scroll down beyond the page content until you find the Yoast section which looks like this.

Using Yoast in WordPress from WP Support Specialists

As you haven’t added in any text yet, the system is automatically creating a title and description to be shown in search results.

Without using Yoast our result listing looks like this:

 

Using Yoast in WordPress from WP Support Specialists

Not bad – but not perfect.  Look how the description gets cut off half way through a sentence.

 

3. Setting the focus keyword

First of all, we need to define our “focus keyword” for the page. This in itself does not help with search engine rankings, but it helps focus the mind when ensuring the page is properly search engine optimised.

For our website, we’re going to set the focus keyword in Yoast as “Emergency WordPress Support”.

Using Yoast in WordPress from WP Support Specialists

4. Write your SEO title

In Yoast, the page title you create here will be served to the search engines.  It will help tell the search engines what the page is about AND will be displayed in the search results.

The focus keyword should appear at the beginning of the SEO title, and supplementary words should appear afterwards. It’s always a good idea to get your business name shown here for branding purposes.

Use as much of the character count as you possibly can, to show searchers exactly what you have to offer.

Yoast helpfully ensures you don’t overdo the character count.

Compare this – where the character count is spot on

Using Yoast in WordPress from WP Support Specialists

to this – where the sentence is too long and will get truncated in the search results:

Using Yoast in WordPress from WP Support Specialists

 

5. Create Your Metadescription

Interestingly the metadescription won’t help with SEO rankings.  However it will help with click-throughs!

The metadescription is your chance to make your entry stand out from the competitors – and persuade people to click through to your website.

To keep focused on the page content, it’s recommended that the focus keyword appears near the beginning of the metadescription.

So for us, we’re going with

using_yoast_in_wordpress_6

Note how Yoast helpfully shows whether we have gone over the character count or not (we haven’t).

 

6. Image Alt Text

Ensure that any images on the page have been optimised – most importantly the Alt Text should include your focus keyword, but having a relevant file name will also help with SEO.

Using Yoast in WordPress from WP Support Specialists

 

7. Yoast Analysis

Now it’s time for the big reveal!

If you’ve focused on your focus keyword, got your URL and content spot on, and followed the Yoast steps as outlined above, you should see the following in the Yoast analysis:

using_yoast_in_wordpress_8

GREEN LIGHTS ALL ROUND!

If for any reason you’re seeing an amber or red light, then check the reason why (did we say Yoast is really helpful?) and simply put the problem right.  Then check the analysis again.

Once you get into the swing of using Yoast for WordPress we’re sure you’ll agree that it is a great SEO help – it keeps you focused on what you want to tell the search engines about the pages in your website.

And furthermore, your tailor made metadescription is sure to help drive more traffic to your website!

 

If you have any questions about using Yoast in WordPress or any other WordPress questions, why not drop us a line? We’re sure we’ll be able to help!

Read more about Yoast plugin for WordPress.

Difference between wordpress.com and wordpress.org – WordPress.com vs WordPress.org

We receive many requests for support from people who are hosting their website on WordPress.com. We take the time to explain the difference between wordpress.com and wordpress.org.

Unfortunately, we can’t help people who have their site on WordPress.com as they effectively host your site and it’s a fairly closed system.

So, we wrote this blog to provide a little detail and to compare WordPress.com and the self-hosted version of WordPress (WordPress.org) which hopefully provides you with some quick and simple insight into the differences.


WordPress.com vs WordPress.org

The initial difference between WordPress.com and WordPress.org is who’s hosting your website.

With a self-hosted WordPress.org setup, you host your own blog or website. WordPress.org is where you’ll find the free WordPress software that you can download and install on your own website hosting account.

For example, people who host their own WordPress website may use providers like WP Support Specialists, GoDaddy, Bluehost, Heart Internet, 123 Reg and so on.

Conversely, WordPress.com takes care of all of the hosting for you. You don’t download software, pay for hosting, or manage a web server (unless you select one of their paid packages).

Depending on your needs, WordPress.com offer a variety of packages from free to £x’s per month.

Pros and Cons of WordPress.com vs WordPress.org

Both WordPress.org and WordPress.com have pros and cons; we cover a few of those below.

If your requirements are fairly simple, and you’re not interested in managing your own web server, you may prefer WordPress.com. It’s free and easy to set up, and you have various options for customising your website.

One downside of using WordPress.com is that your domain will, by default, include “WordPress.com.” You also can’t upload any custom themes or plugins, or modify the code within your site. Therefore, if you wish to incorporate a landing page system, bespoke eCommerce, live-chat, and so on, you won’t be able to do that.

WordPress.com is free to set up in its most basic version, however, they do offer various upgrades, including domain name registration (if you don’t want WordPress.com in your domain name), the ability to upload videos, and use of their premium themes.

Using a self-hosted version of WordPress means you can use your own domain name, upload and install themes and plugins, edit the code behind your site, utilise a far greater number of themes, design a bespoke theme, use live chat, landing page systems, SEO plugins….. you get the idea I’m sure! 🙂

Most of the WordPress demonstration sites you see are built on the self-hosted version.

If you have any further questions about a self-hosted WordPress site vs a WordPress.com site, feel free to contact us here with your query.


Planned WordPress Maintenance – Is It Really Necessary?

You may have heard mention of planned WordPress maintenance, but even if you have a WordPress website, you may think it’s not strictly necessary.  And if that’s your view, then you’ll be one of thousands of WordPress managers who all feel the same way!

Shocking Statistics

The results of a 2015 WordPress survey conducted by CodeGuard frankly didn’t surprise us.  It seems a large majority of WordPress website owners aren’t too concerned about planned WordPress maintenance.

We weren’t shocked to hear that:

  • 21% of WordPress users back up their site ‘occasionally’
  • 26% of WordPress website managers have ‘some’ training
  • 22% of WordPress users think backups are unimportant

We have seen the fallout first hand from companies who fail to take precautions to ensure their WordPress website is not vulnerable to malicious hackers or malware.  We’ve held the hands of many a website owner that didn’t have WordPress maintenance in place and who ‘forgot’ to back up essential files – but then deleted them in the all too common curse of human error.  And we’ve had to sort out plenty of messes when WordPress plugin updates have gone bad.

Common WordPress Mistakes

WordPress is such a popular CMS, used by well over 20% of global websites, for the very reason that it is so easy to use.  But many users fall into a false sense of security – just because it’s easy to use they seem to completely overlook the fact that their WordPress website has the potential to go wrong!  Common mistakes made include:

  • No Backups – Hands up if you back up your website regularly.  Well done you – but hands down if you think that means once every 6 months.  Not carrying out regular backups (at least monthly) means your data is vulnerable to loss
  • Installing Unnecessary Plugins – we all love a nifty plugin but have you installed dozens of plugins which you aren’t actually using?  By not deactivating unnecessary plugins your website could be running slower than it needs to
  • Not verifying free themes and plugins – you see a great free theme and go right ahead and install it, not checking to see if it is from a trustworthy source.  A high number of WordPress websites get infected by malware this way.
  • Human error – we are all prone to it but inexperienced WordPress users may make a big mistake just because of their lack of training in the software.

The Benefits of Planned WordPress Maintenance

When clients come to us with a WordPress emergency, we get their website back up and running as fast as possible.  And from that point on, our clients are sold on the idea of having regular WordPress maintenance carried out by WordPress experts.  They fully appreciate the ‘prevention is better than cure’ scenario.

A good website is fundamental to all businesses – and if it goes down, not only do you have to pay to get it up and running again, but business is being lost and reputation is being damaged every single minute it’s offline:

  • clients can’t contact you
  • clients can’t place their order
  • potential clients can’t find your website (and be sure that they won’t bother looking for you again as they’ll have found one of your competitors to match their needs)

Many companies can’t afford to have their own in-house IT support, so rather than cross your fingers and pray to Lady Luck, WP Support Specialists recommends a regular WordPress maintenance package that will give you peace of mind.  This will save you ££££ in the long run – consider it as an insurance policy for your online business presence so you can rest easy knowing your WordPress website is in the hands of experts.

Typical planned WordPress maintenance packages cover the following:

  • Secure backups
  • Backup restoration if required
  • Malware monitoring and removal
  • WordPress Plugin updates
  • WordPress core system updates
  • WordPress Theme updates

Just imagine being able to focus on your business knowing your website is in capable hands.  Think about being able to go away on that important business trip or a week away with the family without worrying that your website might go down.  We recommend regular WordPress maintenance for all WordPress websites!

Read more about the WordPress maintenance packages on offer from WP Support Specialists here.

 


Hacked Websites Report Q2 2016 – Is YOUR Website In Capable Hands?

Sucuri has just released its 2016 Q2 report on hacked websites based on the analysis of 9,771 infected websites. And it makes for an interesting read, particularly when you consider their final point:

“There is currently a sharp decline in the knowledge required to have a website, which is breeding the wrong mindset with website owners and service providers alike.”

They’re almost going as far as to say that too many hacked websites are the result of  their owners, webmasters and hosting companies not doing what they should be doing to keep the website secure.

Which is a worrying thought for most people – is YOUR website in capable hands?

 

Let’s look at some of the findings from the Sucuri hacked websites report.

1. Which CMS Platforms Were Most Commonly Affected?

The most commonly hacked websites were those using WordPress (74%), Joomla (16%) and Magento (8%). This in part is a reflection of the usage of these different platforms – WordPress absolutely dominates the world of website CMS platforms making up 59% of all CMS, then Joomla 6.2% and Magento at 2.8%* – and the more websites there are using a particular CMS, the more infected sites there are likely to be.

Indeed, Sucuri states early on in the report that the data does not imply that WordPress, Joomla or Magento are more or less secure than other platforms – in most cases, the problems seen were little to do with the core system, but far more to do with webmaster and hosting mistakes!

2. In-Date or Out-of-Date Software?

Sucuri reviewed whether the CMS being used was fully up-to-date at the point the website was infected, or not. CMS updates and patches are released regularly to ensure the systems work at a high level of security, but unfortunately many webmasters don’t maintain their sites rigorously, and allow them to become out of date.

And as Sucuri so succinctly says, “With enough time, motivation, and resources, attackers will identify and potentially exploit software vulnerabilities.”

Of the 9771 websites examined, Sucuri discovered an amazing:

• 55% of WordPress sites were out of date
• 86% of Joomla sites were out of date
• 96% of Magento sites were out of date

making it easy to see a clear relationship between infected Joomla and Magento websites and webmasters who aren’t maintaining their sites properly.

3. Focus on WordPress

As the world’s most popular CMS, the cause of attacks on WordPress websites was examined in greater depth.
Three out-of-date and vulnerable WordPress plugins were responsible for 22% of all the WordPress compromises, and the frequency of each responsible plugin is shown below:

• RevSlider (46%)
• TimThumb (27%)
• Gravity Forms (27%)

Since each of these plugins has had a fix available for more than a year (TimThumb since 2011, Gravity Forms since December 2014, and RevSlider publicly disclosed in September 2014), the fact that 22% of all the infected WordPress websites were still using at least one of them is of concern.

Sucuri concludes that the WordPress community still faces a challenge in making website owners and webmasters aware of patches and fixes and encouraging them to keep their websites up-to-date and secure.
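A defender’s inventory check for the components named above, added here as an example (it is not from the Sucuri report or from WP Support Specialists): it reads each plugin’s header for its version and flags the `revslider` and `gravityforms` directories plus any bundled `timthumb.php`. The directory slugs, the `wp-content` layout and the sample tree with placeholder versions are assumptions.

```python
import glob, os, re, tempfile

# Components the report names; the directory slugs are assumptions of this example.
WATCHLIST = {"revslider", "gravityforms"}
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)\s*$", re.M | re.I)

def read_header(php_path):
    """Parse 'Plugin Name' and 'Version' from the first 8 KB of a PHP file."""
    with open(php_path, encoding="utf-8", errors="replace") as fh:
        pairs = HEADER_RE.findall(fh.read(8192))
    return {key.lower(): value for key, value in reversed(pairs)}  # first match wins

def inventory(wp_content):
    """Return (plugins, timthumb_paths) found under a wp-content directory."""
    plugins, seen, timthumb = [], set(), []
    for path in sorted(glob.glob(os.path.join(wp_content, "plugins", "*", "*.php"))):
        slug = os.path.basename(os.path.dirname(path))
        hdr = read_header(path)
        if "plugin name" in hdr and slug not in seen:  # file with a header = main file
            seen.add(slug)
            plugins.append({"slug": slug, "version": hdr.get("version", "unknown"),
                            "flagged": slug.lower() in WATCHLIST})
    # TimThumb is a single script that themes and plugins bundle, so search everywhere.
    for base, _dirs, files in os.walk(wp_content):
        timthumb += [os.path.join(base, f) for f in files if f.lower() == "timthumb.php"]
    return plugins, sorted(timthumb)

def build_sample(root):
    """Write a constructed wp-content tree (placeholder versions) for an offline run."""
    files = {
        "plugins/revslider/revslider.php": "<?php\n/*\nPlugin Name: Slider Revolution\nVersion: 0.0.1\n*/\n",
        "plugins/contact/contact.php": "<?php\n/**\n * Plugin Name: Contact Widget\n * Version: 1.2\n */\n",
        "themes/old-theme/lib/timthumb.php": "<?php // constructed placeholder\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        found, stray = inventory(tmp)
        for p in found:
            print("REVIEW" if p["flagged"] else "ok    ", p["slug"], p["version"])
        for path in stray:
            print("REVIEW bundled TimThumb:", os.path.relpath(path, tmp))
```

Flagged entries still need their reported version compared against the vendor’s current release.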

4. Malware

The most common malware families responsible for the hacked websites were:

• 71% Backdoor (files used to reinfect and retain access)
• 60% Malware (browser-side code used to create drive-by downloads)
• 38% SPAM-SEO (compromise that targets a website’s SEO)
• 8% HackTool (exploit or DDoS tools used to attack other sites)
• 7% Mailer (spam generating tools designed to abuse server resources)
• 3% Defaced (hacks that leave a website’s homepage unusable and promoting an unrelated subject)
• 3% Phishing (attackers trick users into sharing sensitive information, e.g. log in information, credit card data etc)

The worrying thing to note here is that 71% of all infected websites had backdoor attacks which allow the intruders to bypass controls without presenting any external signs of hacking to website visitors. These backdoors are particularly effective as they can’t be detected by most website scanning technologies.

SPAM-SEO hacks were also on the rise – up to 38% in Q2. This is where the sites were infected with spam or redirected web visitors to spam pages such as content about Viagra, casinos, porn etc.

5. Blacklisting

Nobody wants their site to be blacklisted by Google, Norton or McAfee as it can damage the company’s reputation enormously, can adversely affect search rankings and also cause havoc with email systems.
However the research into which infected websites were blacklisted provided some startling statistics: only approximately 18% of the infected websites were blacklisted.

So that means that 82% of the 9,771 websites examined were free to distribute malware!

 

IN CONCLUSION – A large proportion of hacked websites arise simply because the CMS core system, the plugins, the scripts etc have not been kept up-to-date.

Even if a malware attack doesn’t cause your site to crash, there are several reasons your website visitors will flee when your site is hacked.  Furthermore infected sites can get blacklisted by Google – or perhaps even worse – keep on functioning and spreading malware to all your website visitors.

It is impossible to overemphasise how important regular maintenance is to reduce your website’s vulnerabilities and help secure it against attack.

Are you sure that YOUR Website is in capable hands?

See the full Sucuri Hacked Website report here

WP Support Specialists is a global WordPress support business dedicated to WordPress and WordPress alone! We offer emergency support and regular WordPress maintenance packages. If you want to have a no obligation chat about how we can keep your website secure, please get in contact.

* Data taken from W3Techs