Save time and money by outsourcing your WordPress Site Care
WordPress is a great platform for advanced web sites and is by far the most popular Content Management System today. All this great performance and convenience is undone if regular updates are neglected. The cost of expert Site Care is insignificant in comparison to the loss of business reputation. Unfortunately it takes being hacked for most to understand this. In this article we explain why you should consider outsourcing your Site Care and some handy tips if you still want to do it yourself.
Your online reputation is a fragile being in that if you attract attention for the wrong things it is remembered forever. The online world is like the most unforgiving partner you could ever imagine. Once they judge you they tell the world and it is very difficult to undo the damage to your reputation or your business.
We have all seen cases where someone posts something on social media and then try to backtrack or delete their posts. Unfortunately the post is there forever and will be available for their grandchildren if they care to search for it. These are times like no other in history where information is 24/7 and reputations are formed or lost at the press of a button.
So what has this to do with your WordPress web site? Regardless of the source of the content, whether by a designer or by you, once the site is online it will attract visitors who are looking to exploit your site. They come with varied goals and the majority, if successful, will not be obvious to you. Hacking is not just about defacing your page although this is what most people think and look for when checking their site. Yes, it does happen and is embarrassing and is a hit to the reputation but it is the behind the scenes activities that are more of a concern. Don't misunderstand me, a visibly hacked site is an alarm bell for anyone visiting or having previously used the site. Loss of customer private information should be a major concern as well as what else may have been done in the background.
The main goal of a hacker is to hijack your resources for their own means. They may be looking for a server to distribute spam or illegal software. Even worse, they could be distributing malware or ransomware to innocent visitors. The first you may know of these activities is a browser warning about the site reported by a customer or a sudden loss of traffic as search engines blacklist the site. Another warning maybe from your host who pulls the plug on your site because of rampant use of resources. This not only affects your reputation but on a shared server affects your neighbours as well. Think what this would do to your business reputation and the potential long term costs of trying to restore the site, rankings, and customer confidence. If you are selling online you can kiss sales goodbye for an extended period. And what if it is your neighbour who is hacked and causes your site to be blacklisted? We discuss how to mitigate against this later in the document.
The areas that you are vulnerable are; your hosting platform, your WordPress installation, and your administration of authentication to both. If a hacker accesses your hosting management through password interception or cracking they will have full and open control to do whatever they want. Ensure you have strong passwords which are changed regularly. The same applies to your WordPress login. It is very important to lock down access to only those that require it.
Other avenues of access revolve around exploits in code - this may be code used on your server or within your WordPress installation. Most hosting providers patch their code regularly to prevent a loss of reputation (and customers) due to the server being hacked. That being said there are many servers that are running old code and susceptible to hackers.
Your WordPress installation is vulnerable on several fronts - WordPress Core, themes, and plugins. Each component is maintained separately and updated by the developer either to add features or close security holes (exploits). Updates to WordPress core may be automatic (depending on your settings) although the danger with this is that plugins and themes in use on the site may not be compatible with the new version causing the site to break. Plugin and theme developers have their own update cycles for features and security patches with the added effort required to keep compatibility with the WordPress core. Sounds like a lot of updating going on? Absolutely! It is understandable why many site owners find this too hard and confusing and come to the conclusion that if it isn't broken, leave it alone. Unfortunately this is when they leave themselves vulnerable and the potential for loss of business reputation becomes very real.
So what does a WordPress Site Care expert do? Usually the WordPress Site Care expert will start by scanning the site and server looking for existing malware and vulnerabilities. An offsite backup is made and the vulnerabilities and malware are addressed one at a time. At each step a backup is taken allowing the site to be restored if necessary. This may require access to the hosting management if things go wrong so be prepared to provide hosting management and WordPress admin logins. The next step is to add some additional plugins that allow the site to be managed centrally and also harden up security. Central management allows the site to be remotely monitored and managed. Once the site is integrated a backup is taken and the site scanned for all required updates. These are assessed for compatibility with the other components and only those that are compatible are updated. At every step the site is backed up allowing for an incremental restore if needed. Any plugins or themes that have been abandoned (not recently updated by the developer) are assessed and replaced if necessary. When the site is up to date another security scan is performed to ensure that all is ok and a firewall system integrated to block common and new attempts at accessing the site. Additional security will be applied and the site further hardened to protect the site from hackers. A number of other tools are deployed to allow monitoring and in dashboard support. The site is then monitored and measured constantly including login attempts, successful logins, changes - adds - deletes etc. This information is compiled monthly and delivered as a report to you so you can see the actions of all site users including the Site Care system.
So what can you do yourself to improve your site security? The number one recommendation is to use a Site Care expert - either to update the site as a one off task at regular intervals or to subscribe to the service. Note that subscription is cost effective when compared to paying for time and even more so than the cost of recovery and restoration of reputation. If you do not wish to outsource this function you need to follow the process described above - scan...backup...updaate...backup...update...backup...harden...backup...monitor and continue to do so.
What about managed WordPress hosting? Managed WordPress hosting will provide a streamlined WordPress optimised server that will perform well. Support engineers will update WordPress core when required but they will not update plugins or themes. Remember also that existing plugins and themes may not be compatible with the new WordPress core and break your site. If the host detects malware or an exploited installation they will suspend your hosting until the problem is resolved.
Are there other hosting options? Yes, your WordPress Site Care expert may be able to provide hosting on a dedicated hardened server which will only host sites under full management reducing your risk of collocating with exploited sites. Other options are to use a dedicated server or Virtual Private Server which will ensure that collocated site exposure is not an issue although the server will require hardening and all WordPress updates performed as required.
In conclusion, your online presence and reputation requires the same considerations as bricks and mortar - you need to consider security, regular servicing, monitoring, and the use of the appropriate qualified service providers for each function. With bricks and mortar business you do need ask the shop fitter to service your point of sale terminal or change your locks. Why would you expect a site designer to provide IT and security services as involved in Site Care? Even more, why would the shop keeper try to upgrade the shop electrical system? Please consider using professionals for protection of your online assets and reputation.
Author Credits ::
Steve has over 20 years' experience in online consulting and IT and is available for consultation through his web site at ManageWP® Australia. Steve operates a successful WordPress Site Care business and provides server support, site relocations, minor WordPress content changes and updates, and consulting for business owners, designers, and hosting companies. His business ManageWP® Australia is not related to managewp.com
Phone: 1300 816 742
10 Tom Latimer Court
Worongary, QLD 4213