Security doesn’t just mean building things right- it means updating EVERY time.
There’s a myth that WordPress has bad security because so many people who have WordPress sites have had them hacked. The truth is that 30% of the ENTIRE internet runs on WordPress which makes it a hot target for hackers. The developers are constantly striving to keep one step ahead of the constant efforts to find cracks in the security and exploit them. But if updates aren’t made to a site, all of these efforts are for nothing. It’s like having a push-button lock on your front door when all your neighbors have deadbolts (or motion sensor closed circuit monitoring).
And the world of wordpress moves fast, between December 2018 and January 2019 there were 3 releases of wordpress and php 7.0.1 was released.
Our hosting clients get monthly reports detailing the activity of users on their site. One site showed a lot of hits from Russia and referrals from weird urls like “bestsox.com”.
When referral traffic is from odd or parked sites, it’s not a good sign. Often times in an effort to increase their ranking on Google, site owners will imbed all kinds of links just for the score boost. This can reflect poorly on your site though. It incriminates your site by association!
Another type of link your SEO can suffer from is toxic “site-wide” links. If you are referring to something- you would include a link to a specific page like THIS article on bad and toxic links. What you wouldn’t often do is include a link to a sites’ homepage. If a page has a high page authority ranking, this kind of a link would help you, but otherwise it will drag you down.
This clients’ site was hosted elsewhere and when we looked we discovered that it was running on php 5.6 – a version that expired (EOL) in 2016 and is known for having security vulnerabilities.
What? I don’t just have to update WordPress itself? What is php?
WordPress looks simple, but that’s just good design. It’s made up of several different code bases. ALL pagebuilders are created with code- it’s just how much of it the user sees (or gets to manipulate) that’s different.
WordPress Core
WordPress is the framework that holds the information that your site displays and a handy back – end interface where you can easily manage it all.
Plugins
Mini-programs (similar to API’s) that add functionality to your WordPress content. Think WooCommerce (Handles: stock, purchases and online payment)
PHP
Php is the LANGUAGE that many of the functions of WordPress are constructed in. It’s mostly a server-side technology. So if you have a plugin (like WooCommerce for example) that stops working, it may be because your host didn’t update the PHP version on the server.