If your WordPress website is important to your business or organization then it is crucial that it be audited at least every month. Even if your website is just a “brochure” website or a simple landing page which doesn’t receive regular updates, a lot can happen to it that will negatively impact your business or reputation. Here are some examples and stories of things that can happen if you don’t audit your website regularly and the basic things you should audit when you do.
Hackers can cause havoc to your website. I’ve seen people get hacked due to out of date plugins, insecure ftp usage, unencrypted WordPress log ins, and more. Here are some things that hackers can do to websites if they gain access:
- Website Defacing is when a hacker completely removes your website content and replaces it with there own. I’ve seen content replaced with political information as well as pornographic. Imagine your shock to go to your website and see extremely graphic images and words instead of your products or services. This can be bad for business.
- Ransomeware has been around for a while targeting Windows computers. There is now ransomware groups targeting WordPress. You can read about it here. Ransomware locks and encrypts your website data so your website is unavailable to the public until you pay a ransom to the attacker.
- Malicious Redirects can be added to your website by a hacker to redirect visitors to another website of their choice. The worst case scenario being that the hacker redirects visitors to a site that looks just like yours and gets them to purchase a product that does not exist, thus harvesting credit card data.
There are a lot of other things that hackers can do. While these situations may not be likely, this list should sufficiently scare the bejesus out of you and illustrate why you should secure your website and visit it regularly.
Disappearing Configs & Plugin Interuptus
I recently had a client contact me saying that her website was “not there any more”. Instead there was an error message indicating that WordPress needed to be set up (her site had been up since 2014). Somehow, her configuration file had been deleted. She doesn’t know how long it had been down as it had been months since she visited her website. Any SEO value that had been built up is diminished or gone because the site was offline for so long
I uploaded and configured a config file and the site was back.
I started to test the site by navigating to other pages. I kept getting 404 errors indicating the pages were missing. So I logged in and noticed an error message from an Instagram plugin. I addressed the error message issue and the pages returned.
While logged in to the WordPress dashboard I noticed that over 20 plugins needed updates and that there were over 500 comments. Many of them quality comments that can really help a website.
The point of this story is to illustrate that a few minutes looking at your website (either you or your webmaster or an employee) can stave off catastrophe and alert you to simple but important things that need attention. In less than an hour I was able to:
- Identify missing config file and fix it, thus fixing the website.
- Identify a plugin issue causing missing pages and fix it.
- Identify 2 other issues that need fixing (plugin updates and beneficial comments needing to be approved).
What To Audit On WordPress
Your website is a complex relationship of hardware that stores operating software running server software running WordPress running plugins that are translating, organizing, storing, and displaying data. While you can’t do much about the health of the first few layers of hardware and server software, you can do something about the health of your WordPress installation and website.
- Install Backup plugins and automate at least monthly backups.
- Install security plugins and automate at least monthly security sweeps.
- Log in to your WordPress dashboard at least monthly and do the following:
- Address any comments that have been posted. If they are authentic then approve them, if they are spam then remove them
- Update any plugins that require updates. Always backup your site first.
- Update the WordPress core software if need be. Always backup your site first.
- View as many of your web pages as you can every month and do the following:
- See if any pages are missing, broken, or out of the ordinary.
- Test your contact forms or any other forms to make sure they are working.
- Make sure there are no broken images.
- Click on internal and outbound links to make sure they still work and the pages they link to are still available.
- Re-read pages to make sure words are spelled correctly, you have proper grammar, etc. (I’ve re-read pages 3 times finding a missing article or misspelled word each time).
If your website is down, has broken forms, has missing images, is riddled with grammar and spelling errors, or has been hacked and is being used for dark purposes, then your business reputation is harmed. If you can’t spend an hour a month looking at your site then hire someone. It will absolutely safeguard your website and business from negative impacts.