If you’ve ever operated a WordPress website for any length of time, you’ll know those updates I’m talking about. You log into your website and there’s that blast of color in the sidebar, at the top of the page, all over. Your website has X updates available! Update WordPress to version X.X. My Cool Plugin has an update, UPDATE NOW. And if you’re like so many people, you train yourself to ignore these, click the little “stop bugging me about this” box, and go on with your life. If you are one of these people, I know it’s really tough, but please try to do the following steps:
If that’s all you get from this, mission accomplished, and your website will be a much happier place in the long run. If you want to know why this is so important, keep reading.
It’s a pretty easy thought process. My website is done. I paid my developer, the code is loaded, my site is changing the world — DONE. But the problem is, just like your computer or your phone, your website is really at its heart just a bunch of hardware and software, and software for one reason or another seems to always need updates. Here are a couple of the main reasons.
I know, it’s shocking, right? Those awkward geeky developers act like they know everything, have all these fancy debugging tools, and yet they still release software that has bugs in it. A quick side note (as a developer) — when I’m saying “bug”, I’m not necessarily meaning “the developer screwed up because they were being lazy, weren’t being cautious, etc”. Sometimes that happens. Sometimes, though, it’s more along the lines of “Huh, I never anticipated someone using the software that way” or “Weird, I don’t use plugin XYZ so I never knew my software had problems living alongside it.”
How does that affect your website? Well, chances are, if you can update your website without having to change code to do it, you’re probably running on what’s called a Content Management System (CMS), something like WordPress, Joomla, or Drupal to name a few. These provide a foundation for your website so that you (or your developer) can spend time and money on the parts that make your website unique and not the basics like how to save content, display menus, etc. Just like any other piece of software, these CMSs have bugs, get new features, or need security updates, and when their developers find problems, they try to be nice and fix them. They’ll fix the problem, send out an update, and that update will show up in your CMS as a pesky notification saying “Please update me, I fix bugs”.
Another place this ends up happening is in the plugins / modules / add-ons your site might use. Just like using a CMS framework potentially saves some time and effort, so can using pre-built plugins. Need a quick generic gallery on your site? Throw in a plugin! But like everyone else, sometimes their software has bugs. Sometimes because someone else’s software had a software update and changed something important, they’ll have to make a change to keep their plugin working. They’ll release an update to make sure your site keeps working.
It sucks, and everyone always seems to be shocked the first time they find out that someone has either attempted to attack or successfully attacked their site. It’s usually followed by “Why??? What do they want with my site???”. Well, honestly, probably not much. Chances are they didn’t even knowingly target your website. Instead, they had a script (a small computer program) just start attacking random sites using known software bugs, and it just happened on your site. It’s probably not personal, but they probably want to use your site to either promote something (“buy these pills at this url”) or point your website at another website that’s more important in the hopes of bringing it offline.
Whatever the motivation, people will try to break into your website. On the other side of the fence, there are people who write software that tries to keep those people out, and with your website, the end product of their work will often be “security updates”. These are super important to install. They keep people from breaking into your website. They also affirm that there was a problem with a piece of software, so if you don’t update, the bad guys will know that’s a valid way to break into your site, and use that method because you were too lazy to update. Please install security updates!
While WordPress is often one of the most attacked platforms on the web, it’s really not insecure on its own. It’s just one of the most popular things on the web. Same goes for other CMSs. When a software platform is popular, it naturally becomes a popular target for attackers. Just remember that in general, most of these platforms are pretty secure; they just need some help and maintenance.
First off, you can probably guess what I’m going to say. Keep your software up to date! Do it regularly! Here at Figoli Quinn & Associates, for the sites that we host we maintain weekly schedules to update our websites and their servers, plus we do backups just in case anything were to happen. Keeping things up to date is the first and most important thing to do.
There are also some extra things you can do to help out WordPress (or your CMS of choice). Make sure you use secure passwords. Don’t use “letmein”, don’t use “admin”, don’t use the name of your website. Make it difficult. No matter how much technology goes into making your website secure, if I can just guess your login, I’ll be able to break in and wreak havoc. There are also some tools you can use to prevent people from using scripts to try to guess your login credentials. One of the WordPress plugins we like to use is https://wordpress.org/plugins/wp-cerber/. It prevents people from brute forcing passwords (trying again and again until they break in), and really helps to lock down WordPress and keep it secure. If you’re using WordPress, I’d definitely install it.
Like I said at the beginning of this, if you’ve learned nothing else but to go ahead and press that update button the next time you log into your site, mission accomplished.