WordPress is arguably the most popular website platform available today. It sits in a good position between power and ease of use and has a very active community around it. Due to its popularity it is a prime target for attack, so updating your WordPress site regularly is vitally important.
The more popular a platform is…
The more popular a platform is, the more likely it is to become a target for attack. Take Windows for example, the main reason it is attacked more than any other operating system is because the vast majority of consumer computers, whether they are laptops or desktops run on it. There is a far greater chance that your target computer is running Windows than any other operating system.
Now you could argue that it’s virtually impossible to stop everyone from getting into your website, computer, phone or whatever this is not the target of this article. The vast majority of cyber attacks will come under what is called in hacker and security circles as a “script kiddie”. This is the term generally used when someone sources attack code from somewhere else instead of writing it themselves. White-hat hackers/penetration testers often use these tools to test the resilience of client networks against these sorts of attacks.
People have often argued “why would anyone attack my website, I’m not a large corporation”. While this is a valid argument outside of computers it doesn’t hold up when the internet is concerned. The people are not targeting you individually, they are generally targeting the platform you are using via the ISP (Internet Service Provider) you are connected to. What I mean by this is they may target all the people out there that use a specific version of Android on their mobile device or WordPress for their website connected to an IP address from your ISPs range. This is often due to the software they are using specifically targeting a known vulnerability or weakness in that version of the platform you are using. It is also very easy to scan an IP (Internet Protocol) range for potential targets.
The importance of updating your WordPress site
Now here is lies the importance of keeping your site up-to-date. When these “script kiddies” get hold of a piece of attack software, what they have gotten hold of is an automated way to exploit a known security vulnerability in that platform. That is by the time someone has built a bit of software to exploit the attack and your attacker has downloaded it, it is highly likely that this is a well known exploit. The likelihood is that the software vendor is also aware of the exploit by this time and has built a patch that you can install on your WordPress site, and since with WordPress all you have to do is click update there is very little reason for not doing it.
The majority of attacks are going to be from these pre-built scripts, which as stated are targeting known holes or vulnerabilities in your site. These tools are usually simple enough that someone with at least a basic level of computer skills and a fair amount of patience can operate. You’re highly unlikely to attract highly skilled hackers unless you are a worthwhile target, like a large corporation, military or government department.
It is a very good idea to keep your WordPress site up-to-date, and why not since all it takes is a couple of clicks of your mouse to install updates. This will not guarantee that no-one can get into your site however it will prevent the vast majority of attacks plus potential attackers are likely to pick on someone else if you make it too difficult for them.
If you don’t have the time to keep your site updated then I would recommend looking at a Managed WordPress solution. This is when your provider takes care of all the updates.