How to handle WordPress security issues in a growing business

WordPress is quickly becoming the platform of choice for SMEs building websites: but are you aware of how to keep your site secure?

In 2014, small and medium sized businesses employed 15.2 million people and had a combined turnover of £1.6 trillion, and this is set to increase in 2015 and beyond.

The WordPress platform, favoured by many of these businesses as a place for hosting websites due to its range of personalisation options, secure payment gateway, and vast range of security plugins, hosts 23 per cent of all websites on the internet. As the number of SMEs continues to grow, the WordPress platform is set to coincide with this.

But with security threats targeting the platform, and bugs forcing users to constantly update plugins, how safe is WordPress for your business? Here, Daniel Foster, technical director at hosting company, gives advice to businesses about how they can protect their website and avoid running into security issues.

Make yourself aware of your website’s coding

When it comes to plugins, there are certain elements that are simply out of your control unless you have created it yourself. For a plugin that you have installed, it is the responsibility of the license holder to update and distribute any patched files. This means that you could quite easily be running out-of-date code that is exploitable – without even knowing about it. Businesses can guard against this by sourcing plugins from reputable developers that provide a clear update process.

>See also: Designing a website to complement your brand

One of the things that makes WordPress so popular is the fact that it has a whole host of brilliant plugins, but the downside of this is that they aren’t always coded to a good standard. This isn’t the case with them all, but you need to view it like you’re downloading something onto your computer; you wouldn’t download just anything onto your hard drive, and it’s advisable to treat plugins in exactly the same way.

Update as soon as you can

One of the things that makes WordPress at risk of security issues is the fact that a lot of the people using the platform aren’t trained and are self-taught developers. While this is one of the things the platform prides itself on, but it does mean that users might not be aware of some of the small things they could be doing, or not doing, that are putting their site at risk.

Failing to update plugins quick enough leaves your site open to being hacked. As updates are enabled, hackers will know which plugins had issues to begin with – giving them a window to potentially take control of your site.

Updating plugins might fall to the bottom of your busy to-do list, but it’s one of the easiest things you can do to safeguard your site. It’s simply not worth risking putting your business in jeopardy for any length of time whilst you untangle the mess that can be caused by hackers.

Don’t forget the basics

It might sound simple but if you’re still using the same old password for all of your logins, you could be putting your site at serious risk.

>Related: The importance of IT disaster recovery

It’s important that you don’t dismiss the usual precautions – you’ve probably heard them over and over – but it’s crucial that you bear in mind basic practices for safeguarding anything that is password protected. Ensure there is a mixture of numbers, symbols, and lowercase and uppercase letters in all of your passwords – it’s simple but effective.

Too busy? Consider a remote management tool

Life is busy when you’re running a business, so updating plugins and changing passwords might not be at the top of the priorities list. Think about using management tools that let you remotely install updates with a lot less bother. Jetpack, for example, includes a management feature that has many of the more established tools that the expensive services offer. WP Remote and Manage WP are some other options if you can’t find the time to track the latest plugins yourself.

Think about who’s hosting your website

Without blowing our own trumpet, it is really important that you choose a hosting company that is suitable for what you’re doing. Cheap and shared hosting isn’t ideal for running an eCommerce site, for example. But if it’s a personal blog you’re running, you don’t necessarily want WP VIP to be looking after it. You need to choose a company that gives you confidence that your website is in good hands. And preferably one that can be at the end of the phone in the middle of the night if for some reason your site goes down. Hosting is something that, although not a huge expense in business terms, you should really invest in.

WordPress is an extremely secure platform for users, as long as it is regularly updated for protection against hackers and bugs. So don’t rule it out as an option for hosting your website. It’s a brilliant choice for a growing business that wants control over its own website, and a breadth of personalisation options that can make the site truly tailored.

For more information, please visit

Further reading on IT: Why SMEs should tackle the personal cloud

Praseeda Nair

Praseeda Nair

Praseeda was Editor for from 2016 to 2018.

Related Topics

Tech Jobs & Careers