I ran across this recent piece on security for WordPress sites:
With roughly 27% of the internet running on WP that’s a less impressive number than it appears¹ but it is a good reminder of the importance of maintaining security on your web properties. For content owners in medium and large enterprises, there’s a presumption that “the IT guys are handling security”. But every day new stories report breaches like this and it’s important for business owners to get familiar with the company’s efforts to protect content. If a breach does occur, the same people who manage the content will have to a) repair the damage; and b) answer questions about what happened from angry executives. It’s critical for business owners to get comfortable enough with security issues to understand how their tools and content are protected.
For small business owners, the needs are the same but the responsibility is greater. If you’ve had a vendor build a site and they walk away without further support, you’re responsible for keeping things up to date. Some things to ask:
- Is there an automatic update available from your web hosting company so you don’t have to worry about it?
- Do you know what version of your Content Management System (CMS) you’re on?
- Do you know how to update your site to the latest version of your CMS?
- How secure are any plug-in features your site is using?
If you have a vendor on retainer or available to make updates, you need to ask them these questions as well. When you hire them, ask them what they know about security and whether or not they are aware of risks like this. It seems like a lot of work, and it is. But your web presence is a valuable asset that you invested time and money into creating, and it requires the same concerns you have for physical property. If you lock up your computers or tools, you should take the same care with your digital presence.
* For what it’s worth, this site also runs on WordPress and is updated to WP 4.7.2
¹ There are statistics about the web everywhere and making useful sense of them is probably pointless. Even so, based on http://www.worldwidewebsize.com/, as of 2/13/17 there are 4.7 billion total pages on the web; 27% of that is about 1.27 billion; 2 million pages = about 6% of the total. Not nothing, but also not a massive breach.