In times of chaos, it seems that hackers thrive. Since the start of the Covid-19 pandemic, the amount of malware on South African websites has increased by more than 300%. In this uncertain time, hackers are preying on the vulnerable and exploiting the situation as far as possible. “Don’t fall victim to cyber threats,” warns Domains.co.za CEO, Wayne Diamond. “Protecting your data should be a top priority,” he adds.
“Your website is a good place to actively address your cyber risk,” Diamond recommends. “Most people think an SSL certificate and anti-virus programmes are enough to safeguard their data, and these are of course a must, but there is a silent threat most website owners aren’t aware of. Vulnerable plugins,” says Diamond.
Currently, WordPress is the most popular Content Management System (CMS) on the market, offering customers diverse plugins that can optimize and enhance user experience and website functionality. As a result, hackers do target WordPress for vulnerabilities. Recent studies have shown that hackers are finding it easier to exploit vulnerable plugins in order to hack a site, rather than attacking the WordPress system itself. In fact, 83% of hacked WordPress sites weren’t updated at the time of the attack.
Running updates for your WordPress plugins is only a part of the solution. “You have to manage your WordPress plugins regularly,” advises Diamond. “This means running updates, installing reputable plugins only, checking whether you really need all of them, deleting the ones you don’t use anymore, checking whether you have an abandoned plugin installed, and doing this on a regular basis.”
How to manage your WordPress plugins to reduce cyber threats
Limit the number of plugins you install
The more plugins you have, the more developers you entrust with the security of your site and ultimately, the more maintenance you have to do to keep your website safe. When it comes to plugins, less is definitely more. Look for quality. Make sure every single plugin you install is essential to the overall success and functionality of your website.
Only install reputable plugins & delete unused plugins
There are tens of thousands of plugins available for WordPress. Choose reputable plugins that have been added to the WordPress.org directory or have been approved by the experts. As important as it is to install good quality plugins, it is also essential to get rid of the ones you aren’t using anymore. Any installed plugin increases your site’s “attack surface”. If it doesn’t serve a purpose, delete it.
Run plugin updates ASAP
It is important to run plugin updates as soon as they become available. Multiple studies confirm that a high percentage of hacked WordPress sites weren’t updated at the time of the hack. Developers release a plugin update with good reason, whether it is to fix security flaws, fix bugs, or improve functionality. Cybercriminals are aware of this; the moment an update is released, they focus their attention on hijacking sites that still have the older versions installed, before these patches can be applied.
Check for abandoned plugins
Sometimes developers lose interest in a plugin and stop creating updates for it. We can’t blame them, but abandoned plugins are really bad news for your website. If a plugin has not been updated in two years or more, chances are it has been abandoned. If this is the case, do not install it, or delete it from your website and replace it with a recommended plugin from a reputable developer.
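The routine above can be run as a repeatable audit. The following is an added example, not part of the original article or any Domains.co.za tooling: it flags unused plugins, pending updates and plugins with no release in two years or more. The inventory is constructed sample data; its name, status and update fields follow the shape of `wp plugin list --format=json` output, while `last_updated` is an assumed extra field you would fill in from each plugin's directory listing, and treating an inactive plugin as unused is also an assumption.

```python
from datetime import date

# Constructed sample inventory (not real plugins, not from the article).
# last_updated is an assumed field: date of the plugin's most recent release.
INVENTORY = [
    {"name": "contact-form", "status": "active", "update": "none", "last_updated": "2020-03-01"},
    {"name": "old-slider", "status": "inactive", "update": "none", "last_updated": "2017-06-12"},
    {"name": "seo-helper", "status": "active", "update": "available", "last_updated": "2020-05-20"},
    {"name": "gallery-lite", "status": "active", "update": "none", "last_updated": "2018-01-15"},
]

ABANDONED_AFTER_DAYS = 2 * 365  # the article's "two years or more" rule


def audit(plugins, today):
    """Return {plugin name: [actions]} for every plugin that needs attention."""
    findings = {}
    for plugin in plugins:
        actions = []
        # Assumption: an inactive plugin is one you no longer use.
        if plugin["status"] == "inactive":
            actions.append("unused: delete")
        # An update has been released but not applied yet.
        if plugin["update"] == "available":
            actions.append("update pending: apply now")
        # No release for two years or more: likely abandoned.
        age_days = (today - date.fromisoformat(plugin["last_updated"])).days
        if age_days >= ABANDONED_AFTER_DAYS:
            actions.append("abandoned: replace")
        if actions:
            findings[plugin["name"]] = actions
    return findings


if __name__ == "__main__":
    # Fixed audit date so the sample output is reproducible.
    for name, actions in audit(INVENTORY, date(2020, 6, 1)).items():
        print(f"{name}: {', '.join(actions)}")
```

Run on a schedule, a report like this turns "manage your plugins regularly" into a short list of plugins to delete, update or replace.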
Domains.co.za is a leader in the local domain and hosting environment. Together with its value-added solutions in online security, Domains.co.za specializes in providing affordable, professional online tools, especially to the SMME market, to assist them in getting their businesses online and to do so safely. Innovative breakthroughs like its WordPress Hosting offer advanced features such as smart automatic plugin updates, a feature that saves customers time and offers peace of mind.