Small Business Security: Why Plugins Can Be Your Site’s Achilles Heel
WordPress is a great tool for small business owners, since it has enough functionality to satisfy their website needs, and is easy enough to use that even if they don’t have a strong background in technology, they can still easily update their own blogs and learn to manipulate more advanced details through editing child themes. However, like anything that small businesses use over the internet, an understanding of potential security risks and how to combat them should be an elementary part of the learning process.
Update themes and WordPress versions, as well as plugins. By storing changes to a website theme in a child theme, business owners can avoid losing edits they have made when their theme updates. Updating themes and making sure that the latest version of WordPress is installed will help you rest easy knowing that the latest security features are in place. However, if you are using plugins, which is almost certainly the case given the wide range of functions they serve and their near ubiquity among WordPress users, then you have another area to pay attention to, lest you allow malicious attackers back-door entry to your website information.
Be wary of installing plugins that have not been updated in a long time. A plugin that is no longer supported may eventually become a security risk, as hackers can find loopholes in the outdated code that allow them to perform actions using your website’s server. The issues that can arise include loss of trust, a crashed website, disappearing from search engine results pages, and unwittingly infecting visitors with malware. If you are going to use a plugin with your site, be sure that it is one that can be updated. Some very popular plugins had major bugs found and patched this summer, so always be on the lookout for updates, as you never know when one will be the difference between a safe site and one that is open to exploitation.
If you need to run a plugin that is no longer supported, consult with an IT professional to assess the risk. While it is uncommon, a small business owner may decide, for whatever reason, that a plugin that is no longer supported is essential for their website. If this is the case, it is better to consult an IT professional, not only to assess the potential risks posed by the vulnerable plugin, but also to determine whether simply adding to the functions file (functions.php) in your WordPress theme or using custom PHP would be a better, less risky alternative.
Photo Credit to larsjuh on Flickr