Is your company neglecting pressing maintenance for your WordPress sites?
Have you been putting off maintenance around the house or yard? Is it time to change the batteries in your smoke detector, replace the filter in your furnace, or seed your lawn? The same is probably true for your vehicle maintenance. When was the last time you checked your tire pressure or windshield wiper fluid? You are probably thinking that this maintenance can wait because you are far too busy with more important things. This may be true…until the lack of maintenance causes a problem that needs your immediate attention.
Have you been putting off maintenance for your company website as well? When was the last time you reviewed the health of your website? Software and hardware are constantly changing. To keep ahead of the bad actors of the world, you need to keep your website maintained and secure.
Are you using WordPress for your website? According to the website tracker site W3Techs, WordPress has a 43% share of all websites. Many companies choose WordPress because it is easy to use and doesn’t require much coding. A WordPress website consists of a server (Apache or Nginx), a database (MySQL or MariaDB), core WordPress, PHP scripts, a theme, and several plugins. Hardware and software typically have updates released by vendors throughout the year. It is important to apply these updates to keep your site as secure as possible.
Just like the software on your laptop, core WordPress, the theme, and the plugins all need to be updated periodically. Core WordPress has some configuration settings that will automatically update the core software when updates are released. However, there are times when you might not want to always force updates. WordPress has a setting that will only apply core minor maintenance and security updates automatically, which is what we recommend. Core updates may in turn require updates to the theme and plugins as well. WordPress has a feature that will automatically apply plugin updates, but as a best practice, we recommend manually applying them to a test site first to ensure the updated plugins won’t break the site. You may also find that the software version of PHP or WordPress on your server is reaching end-of-life or is no longer supported, which can also impact themes and plugins used on your website. All these pieces can make the task a little more challenging, but it’s better than facing the reality of a costly crisis due to a broken website or a security breach caused by a lack of maintenance to your website.
Several years ago, Keller Schroeder undertook a thorough review of several hosting vendors for our own company website. As a part of the vendor review, we considered maintenance costs, support response time, server access, migration services, ease of use, and day-to-day server support. To keep bad actors from accessing our website, we have put several security measures in place. We have several firewalls, limited Admin access, a WordPress security plugin that features a WAF (Web Application Firewall), 2FA (Two Factor Authentication) login capabilities, a malware scanner, and real-time IP (Internet Protocol) blacklisting. The hosting vendor provides scheduled server offsite backups as well as vulnerability scans that we monitor. As an additional measure, our Keller Schroeder Cybersecurity team installed and configured Qualys software modules to help with keeping a watchful eye on the server. This product periodically scans the server for any vulnerabilities and creates a report with a list of remediation tasks to ensure the website is properly secure.
To learn more about how Keller Schroeder can help review and implement best practices for your WordPress environment, please reach out to our Applications Solutions Group.
Think Digital. Embrace Clarity. Increase Advantage.
Written By:
Brett Romershausen
Web and Midrange Consultant
Applications Solutions Group