WordPress, FedEx, and UPS.
Think of WordPress as a package delivered to your doorstep by the FedEx gal.
Think of your WordPress theme as a supplemental package delivered by UPS.
Think of your 20 different WordPress plugins as a stack of smaller packages delivered by UPS, FedEx, the US Postal Service, and a local courier service, with one or two of them brought over freshly made from your neighbor’s house.
Together, these packages build your website. In some cases, you can remove a plugin package and it has no noticeable effect, or a relatively minor one. In other cases, just breaking the seal on the package incorrectly can cause the whole website to crash.
On the day that your developer finishes putting together all the packages to form your website, everything looks great. All systems go.
But the next morning, one of the plugin packages shows back up on your doorstep with a note that says “security fix, install immediately.”
A week and a half goes by, and your neighbor stops by with a note that says their fresh-baked plugin has a new flavor, and you should check it out. There’s also been a steady stream of deliveries from bike couriers with updated plugin packages.
By the next month, the UPS guy knocks, requiring your signature on a new theme package. He snickers and says “see you next week!”
Three months later, the FedEx gal shows up with a big package from WordPress that says “Major improvements to page load time, install now!”
If you don’t stop by your front porch once a week or so, you end up with a stack of boxes leaned against the door, and that shady neighbor 3 houses down starts to slow down and crane his neck out of the window on his way to work.
A hacker’s best method of gaining access to your website (other than a weak password) is combing through sites’ source code for older versions of software. Leaving software un-updated is like leaving more than just your packages on the front porch. It’s like leaving your keys and a list of all your valuables with their location in the house.
Depending on your server setup, it could be like leaving an unsigned deed to the house on the front porch and using a notary stamp as the paperweight.
Here’s the point: regular maintenance is not optional.
Am I overdramatizing with this analogy? Not by much! Twice in the history of my website I’ve had code incompatibility that completely wiped out my database, and once it gave rise to actually being hacked. Sure, I sell services to help with this, so I benefit from a certain amount of fear.
But I don’t deal in fear. I want users to recognize that the trade-off with free, ubiquitous software is that it comes with a greater risk of hackers and a greater risk of incompatibility.
The more WordPress grows, the bigger a target it becomes for malicious code. WordPress is a very secure piece of software, and most reputable themes and plugins are secure as well. But all it takes is one plugin developer not sanitizing their front-facing inputs (for example), and you’ve given hackers a doorway. If the hack they execute gives them admin access to your site, or enables them to write to the database, things can get hairy quickly.
Stay on top of code updates. You might already know this, but I offer services to go in and update all of your site’s plugins, themes, and core code to keep you up to date. I’m a digital steward in the same way estates have stewards: I sign for all packages and get them installed with no problems. You’ve got better things to do with your life than install software every week. Get started today. (Mention this post for 15% off the first payment.)
What questions do you have? Contact me today, I’d love to hear from you.