Why Monthly WordPress Care Matters

April 12, 2019

Just like a garden, a website needs constant care to thrive and grow. When you forget to water your plants, they can turn yellow and will eventually die if neglected too long. Website owners invest a lot of time, energy, and money into their sites, and wouldn't want anything to happen to them, right?

A website should always be online, secure, and updated for the best performance.

Security and maintenance releases

WordPress publishes new security and maintenance releases every month, with major ones occurring every four months. These releases include important improvements and fixes to the software. Version 4.9.8, published in August 2018, had fixes for 46 bugs, new enhancements, and blessed tasks that included updating the Twenty Seventeen bundled theme.

Potential threats to a website

Hackers use bots and spiders that scan the Internet looking for websites with vulnerabilities to exploit. These crawlers repeatedly try to log into WordPress and guess user passwords. If a hacker gains access, they can potentially inject malicious code or install malware on the server. Website owners don't want this happening because it can spread like a weed across many servers.

[Image: Sucuri WordPress audit log. Example hacker bots attempting to log in to a website multiple times.]

Sources of hacking attempts

Cheap or free web hosting

Depending on the type of environment that's used to host a website, it can be a hacker's playground. Website owners should never host a website on cheap services or a friend's web server to save on cost. To provide inexpensive solutions, these companies have to compromise somewhere, and usually it's security and performance.

Instead, consider hosting with a reputable company that specializes in server environments that are specific to the needs of WordPress. Two top industry leaders are WP Engine and Flywheel. They have plans with very strong security protocols and staging areas for testing content before making live updates. They're also known for having high-quality customer service with excellent support.

Outdated WordPress plugins

The most common source of a security breach is outdated plugins installed on a website by an inexperienced user. Many times, the plugins have not been updated for months or years. Sometimes plugins are abandoned entirely by a developer. This is typically where hackers will try to break into WordPress to gain access.

[Image: Very outdated WordPress plugin]

General website neglect

Many website owners are very busy and simply can't keep up with the monthly care that's required to keep their website healthy. This neglect can lead to hidden issues that visitors may experience, costing them potential engagement and conversions.

WordPress isn't alone

Earlier this year in March 2018, another publishing platform, Drupal (versions 6 to 8), was part of a mass hacking campaign known as Drupalgeddon2. Hackers exploited critical vulnerabilities and turned more than 400 government, corporate, and university websites into cryptocurrency mining platforms that drain visitors' computers of electricity and computing resources.

The value of regular WordPress updates

Many website owners don’t realize the benefits of maintaining the software on their website. It's not only about updating the software to ensure good security practices to keep hackers out. More importantly, it's to make sure the framework and plugins are functioning properly to maximize the overall health and performance of their website. 

[Image: Outdated WordPress plugins needing updates]

Can't I just update WordPress myself?

As a website owner, you could try updating the WordPress framework and plugins yourself, but would you feel absolutely confident doing it? Before installing any plugin, it's very important to know which ones are reputable and dependable.

When you're evaluating plugins to install on your website, we recommend reviewing WP Engine's Disallowed Plugins list. It's a great resource for identifying plugins that perform poorly, use a lot of server resources, or are otherwise problematic and should never be installed on your website.

Define a clear updating process

In order to properly update the software on your website, it's important to have a clear process that ensures updates won't break your website. At a minimum, you want to have daily backups, security checks, and uptime monitoring of your website.

If anything happens, you will also need a method to properly restore the site to a previous version before it became broken.

Fixing a broken or hacked website can be expensive

As a website owner, if you've ever had your website break, get hacked, or go offline for long periods of time, you know it can be a very frustrating and time-consuming issue to deal with on your own. Some questions you might be asking:

  • Where's my website and what caused this?
  • Has my site been hacked?
  • Who do I call and where do I start?
  • How do I get my website back up quickly?

When this happens, you have two choices. Either try to fix it yourself and possibly do further damage, or pay someone you don't know to diagnose and fix the issue, usually for a very expensive price. So, as with a garden, it's important to maintain your website in the first place to ensure everything keeps growing and you stay supported.

We can nurture your website while your work blossoms

As part of our WordPress Care Plan service, we first back up a website before performing any updates. For clients on WP Engine or Flywheel hosting, we test software updates on a staging server that's hidden from your visitors. We also run daily backups and security checks to ensure your website is hardened against hacker attempts.

Our internal software monitors the overall health, performance, and uptime of your website 24/7. Your website is checked every five minutes and we’ll receive a notification if it’s ever offline.

Got a question or issue with your website? Use our ticketing system to request support and our team will notify you when it’s been resolved.

By Chuck Spidell, a Nonprofit WordPress Security Expert who helps women-led communications teams free up their time and lock down WordPress from getting hacked.