We were recently approached by a company whose website had been infected with malware. One might think, malware on a website, for what purpose?
While there are numerous reasons, lucky for us this scenario only involved injected spam to create backlinks for various websites. What it also did was show the average website owner the importance of keeping their WordPress core, and plugins, up to date, as well as using the right tools to prevent malware infections.
Keep Your WordPress Core Updated
If your website is built using WordPress then you should be aware of the continual updates for it. What you may not know, if you don’t read the release notes, some of these updates are security releases to keep your website secure. See release notes for WordPress 4.5.3 as an example.
Keep Your Plugins Updated
Much like the WordPress core, widely used and popular plugins, are updated by their developers. Of course these updates usually revolve around the plugins functionality and user-friendliness. But they are also updated to remain compatible with WordPress and to avoid and security vulnerabilities. Outdated plugins are often taken advantage of and used to inject malware.
Use the Right Tools
With so many plugins being available, sometimes it can be hard to find those few that are really necessary, for every WordPress install. One plugin we use on every website we build or manage is Wordfence. Wordfence is a security plugin that offers a lot of features for free, with a few extra features offered, for a subscription. Our favourite feature of the plugin is the malware scanner that can be used to find malware infections, or other various vulnerabilities, in your website. As was stated above, this is a plugin that should always be kept up to date, in order to keep your website’s security up to date.