WordPress’s Security Issues Are Killing Your Business. Here’s Why.

When you signed the contract, they told you “WordPress powers 27% of the Internet. It’s a proven technology.” They told you how easy it is to use. They took you to lunch, they planned your website’s bright future. They even probably told you how fast it would be turned around for you. “Wow! This sounds great!” you thought. And it probably was great — for the first year or so. 

Then things started slowing down. It turns out the person who sold you your WordPress site did it to upsell you on marketing. Your site started slowing down, and things started happening that you didn’t quite understand. Spammers started hitting your email more often. And then eventually, if you were one of the many unlucky WordPress site owners out there, you logged into your site one morning to find that it had been hacked, and instead of being the face of your business — it was now a Chinese landing page for black market erectile dysfunction pills. And the brilliant agency or developer who built it for you? Their solution is to just build you another, more modern WordPress site. And the cycle continues.

You’d be surprised how often this exact scenario actually occurs. To professional developers, though, this has been common knowledge for quite some time. WordPress has many benefits, but when it comes to running a secure, fast, and future-proof website, it simply doesn’t compete with a professionally developed website. Let’s learn why that is.

1. Plugins

One thing that is often sold as a benefit is WordPress’s support for plugins. While plugins can speed up development by providing pre-built “drop in” features to a website, they also open up avenues to vulnerabilities that put you and your customers at risk. 

The core issue with plugins is that WordPress enforces no real standard for plugin developers, meaning any developer from anywhere in the world can write a plugin and let other people use it. Since technology changes so fast, it’s very common for exploits to be found and for plugins to go without updates. This lets hackers enter your website and execute code on your server in pursuit of a malicious end goal.

2. Themes

Similar to plugins, themes can be made by anybody with a computer and some free time. Also similar to plugins, there is no standard, and these themes are often left unsupported, which inevitably leads to the downfall of a website. Hackers most often gain access to your server by means of a vulnerable theme or plugin.

3. Updates

WordPress is a piece of software maintained by a large community of developers – so when something bad happens to the WordPress core software, it is usually patched and updated by the community. The issue here is that your website doesn’t necessarily get those updates automatically.

Since not all plugins and themes are compatible with new WordPress versions, it’s very common to see websites that are multiple versions out of date – which makes them heavily vulnerable to attack.

The resolution here is seemingly simple: update WordPress regularly, right? Not so much. When your site is filled with plugins and themes made by people who don’t keep these variables in mind, you will often find yourself stuck and unable to update – which places your website and your customers at risk of attack.

4. Caliber of Developer

I typically don’t like to fire shots at other developers, but as a professional software engineer & web developer, there is an extreme negative connotation associated with the term “WordPress Developer”. It’s a red flag in the development community. There are exceptions to this rule obviously – as there are exceptions to everything else in life. But when one refers to themselves as a WordPress Developer, it’s often a signal that they may not be as established in their careers or as experienced with development as others in the field. The same goes for agencies who make WordPress their primary means of business. 

Whoever is making your website is taking on a huge responsibility. The responsibility to keep your customers safe. The responsibility to represent your brand online. The responsibility to represent YOU. That’s something that should be met with careful consideration, and in my experience, security and code quality are the first things on my mind when I choose to take on these responsibilities.

WordPress has its place – but just like everything else, it is one of many solutions that should be considered. It’s not the solution for everything. When hunting for a new website, do your research, scan their clients’ sites for vulnerabilities, and make your business decision with longevity and security in mind.
