Over the years we’ve noticed that a lot of our larger clients tend to have live or dormant WordPress-based website campaigns, microsites and blog sites that have fallen off their security teams’ radar. Overlooked, and with a mix of bad practices and low-level hosting, it’s a recipe for disaster.
We recommend backing up your WordPress site daily and checking for updates weekly. We also recommend separating any WordPress developments from your mission-critical sites.
Ignoring WordPress updates and thinking your site and microsites “will be OK” isn’t a good idea! A classic example of this is one of the most popular WordPress plugins, Slider Revolution. This plugin had a serious vulnerability which allowed a remote attacker to download any file from the server.
We not only check all of our WordPress sites on a weekly basis, we also update all plugins and apply any WordPress updates. After scanning a plugin, if we feel it is a threat we remove or immediately update it. We also keep a month’s worth of backups of each site.
Here’s a current list of plugins we do not allow on our servers:
By no means are we suggesting all (or even most) of these plugins are bad plugins. Some of them can be very good; however, our main focus is on making sure they work well with our system and that they are safe for our customers.
If you’d like Hello Web to review your WordPress sites and discuss your hosting requirements, please get in touch.