At least a few of you know that I push pretty hard when it comes to updating software that runs websites. I always refer back to the reason: old software is easier to hack. Today I ran across this article about a cybersecurity expert who got his website hacked. And why? Because he didn’t update the software. So here I am deciding to remind the two of you who read what I post that you should make sure your software is updated.

Of course, if you run WordPress and we manage it here at GCI for you, we do periodically update the software that runs your website. That’s not all we do. We constantly evaluate the security, caching and antispam tools that keep your website humming along.

You might want to read the guy’s article. At the end, he asks what we do to harden our websites. So for those that run on WordPress, here it is:
- Update the software. That includes the WordPress core, plus all plugins and themes that are installed.
- We upgrade the environment as much as we are able. PHP 5.4 is more secure than PHP 5.2.
- We run security software to prevent common hacking techniques. This has changed over time and not all sites have been moved to the latest, but we’ll get there in the next round of updates. The latest? iThemes Security.
- We run caching software so most requests never hit the code. W3 Total Cache is amazing and what keeps our websites running quickly and economically.
Since posting this, one GCI local church website was hacked with an out-of-date plugin. It’s been fixed, of course. In recent months, 4 WordPress plugins have had critical security holes discovered in them. Find out more here: http://www.zdnet.com/wordpress-plugin-vulns-affect-over-20-million-downloads-7000031703/