Yes, you did read the title correctly: we are going to talk about WordPress, a content management system we currently do not use. However, as some 43% of the internet is powered by it, and many escorts and agencies use it, either set up by themselves or by a designer, we thought the following might be of interest.

Firstly, why don't we use it here at 69Design? Well, the answer is we might. We are currently evaluating it for certain markets, such as quick and relatively cheap templated designs. However, we want to make sure we understand how to use it correctly and not just be another theme-based design house using pre-made templated themes, which may be inflexible or, worse, insecure. So in the course of our investigations we came across these bits of information.

WordPress has a reputation for being vulnerable to hacking attacks, which has certainly been true in the past. However, the core of WordPress now seems to be stable and secure. The problem now lies in the themes and plugins, and in the lack of knowledge of the person responsible for the administration of the site.

Theme vulnerabilities. Many assume that a theme can just be added to the website to change the look to something close to what you need, and that with some further tinkering it can do the job pretty well. Technically this is not hard: a little knowledge of HTML may be needed, and perhaps some digging into the theme, but that's pretty much as far as some designers go (and charge handsomely for it). However, there is more. Themes commonly include custom code, often for file upload features, and these are vulnerable to malicious uploads, which can grant access to the whole website admin areas, with all that can involve.
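As an added illustration (not code from this article or from any real theme), this is how a theme's custom upload feature can hand the file to WordPress core for checking instead of saving whatever is sent. The field name `portfolio_image` and the action name `mytheme_upload` are hypothetical.

```php
<?php
// Added example: a hypothetical theme upload handler, not code from any real theme.
// Assumed names: form field "portfolio_image", action/nonce "mytheme_upload".
// The risky pattern this replaces is move_uploaded_file() into a web-served
// folder using the client-supplied file name, with no login or type checks.

add_action( 'admin_post_mytheme_upload', 'mytheme_handle_upload' );

function mytheme_handle_upload() {
    // 1. Only logged-in users who are allowed to upload media.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_die( 'You are not allowed to upload files.', '', array( 'response' => 403 ) );
    }

    // 2. Reject requests that did not come from our own form (CSRF check).
    check_admin_referer( 'mytheme_upload' );

    if ( empty( $_FILES['portfolio_image']['name'] ) ) {
        wp_die( 'No file was sent.', '', array( 'response' => 400 ) );
    }

    // wp_handle_upload() lives in an admin include that may not be loaded yet.
    require_once ABSPATH . 'wp-admin/includes/file.php';

    // 3. Allow-list of extensions and MIME types; anything else is refused,
    //    including .php files and images whose content does not match.
    $allowed = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
    );

    // 4. Let core validate, rename and store the file in wp-content/uploads.
    $result = wp_handle_upload(
        $_FILES['portfolio_image'],
        array(
            'test_form' => false,   // the nonce above replaces core's form check
            'mimes'     => $allowed,
        )
    );

    if ( isset( $result['error'] ) ) {
        wp_die( esc_html( $result['error'] ), '', array( 'response' => 400 ) );
    }

    // 5. Success: $result['file'] is the stored path, $result['url'] its URL.
    wp_safe_redirect( admin_url() );
    exit;
}
```

The matching form posts to `admin-post.php` with `action=mytheme_upload` and includes `wp_nonce_field( 'mytheme_upload' )`.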

Plugin vulnerabilities. In 2021 there were 35 critical vulnerabilities reported in WordPress plugins. Two of these critical vulnerabilities were found in plugins with over one million installations! The point to remember is that these vulnerabilities relate to the latest versions. Many plugins are not kept up to date on sites, making the situation potentially far worse. In total, 1,500 new vulnerabilities were added to the Patchstack database, and nearly 92% of these were from plugins and themes hosted on the official WordPress repositories.

These, coupled with inexperienced or lazy web designers, could mean your site is at risk from hacking attempts. Make sure whoever is responsible for your site is knowledgeable and at the very least takes the basic security precautions, such as regular core, theme and plugin updates, and secures the access to the admin area. If your site uses /wp-admin as its login page, it's a sign that your administrator is not taking suitable precautions, either through inexperience or laziness.

We hope this helps a little. Of course, if you are managing or have a WordPress site and are unsure of your security safeguards, please get in touch and we will be happy to try and help. Better safe than sorry, as they say.

