Cybersecurity and Your WordPress Website


    Hey, it’s Christina Hawkins from Global Spex. Today, I want to talk to you about the security and cybersecurity of your website. First thing: I attended a cybersecurity seminar, so my brain is just, “My God, this is insane. How much craziness is out there, and how defensive do we have to be?”

    It was about protecting your data and protecting your computers. From the business side, many discussions were about your phones, laptops, and computers, and about watching out for phishing: watch out for clicking links that look a little suspicious. I would like to take it a little further here and discuss website security and your own company.

    We always have to manage a few areas when it comes to keeping your website secure.

    Password Management

    The first thing is logging in. When you log in, you want to make sure that you’re not using the same password that you use with your bank, your utility bills, or whatever else. Try to use a tool called LastPass, which will allow you to create a unique password for every single website you go to.

    During the cybersecurity seminar, they actually had a pretty good example of how this can help you if you are getting phished. Say you click a link and it opens up a website, let’s say the Bank of America website, right? And by the way, I don’t bank with Bank of America. So for everyone out there, don’t think you can find my Bank of America.

    Because I don’t have a Bank of America. A link says, “Hey, go to your Bank of America. There’s a security issue!” So you click it, right?

    You go to the site, and it looks like Bank of America.

    It looks just like Bank of America, but check your LastPass extension, which might be on your Chrome, Firefox, or Safari browser.

    Usually, if it’s the bank that you normally go to, the icon will show a “1”, which says you’ve got one user account for this website.

    If you go to it and that 1 isn’t there, you’ll know you’re not on the correct website, because LastPass is saying, “Yeah, we don’t know who these people are. This isn’t right.”

    So use LastPass for everything. For our part, we recommend using it for accessing your website.
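The "1" on the icon works because a password manager looks up saved logins by the hostname of the page actually loaded, not by how the page looks. The sketch below is an added illustration, not part of the original talk and not LastPass's code; the vault entries and sample URLs are constructed, and the matching rule (HTTPS only, saved domain or one of its subdomains) is a simplifying assumption.

```javascript
// Added illustration; not LastPass's implementation.
// Constructed vault: one saved login per site (assumed data).
const vault = [
  { site: "bankofamerica.com", username: "constructed-user" },
  { site: "globalspex.example", username: "constructed-editor" },
];

// Return the saved logins that belong to the page's real hostname.
function matchingLogins(pageUrl, entries = vault) {
  let url;
  try {
    url = new URL(pageUrl); // parse properly; never substring-match the raw text
  } catch {
    return []; // unparseable address: offer nothing
  }
  if (url.protocol !== "https:") return []; // no credentials over plain HTTP
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  return entries.filter(
    (e) => host === e.site || host.endsWith("." + e.site)
  );
}

// The number the extension icon would show for this page.
function badgeCount(pageUrl, entries = vault) {
  return matchingLogins(pageUrl, entries).length;
}

// Constructed sample addresses: the real site and three look-alikes.
const samples = [
  "https://www.bankofamerica.com/login",
  "https://bankofamerica.com.account-check.example/login",
  "https://bankofarnerica.example/login",
  "https://bankofamerica.com@login.example/",
];
for (const s of samples) {
  const n = badgeCount(s);
  console.log(n === 0 ? "no saved login, stop and check:" : `${n} saved login:`, s);
}
```

A page can copy the bank's design, but it cannot change the hostname the browser reports, which is why the missing badge is a reliable signal to stop before typing a password.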

    Website Access

    Next, keep the number of users on your website to a minimum. We don’t want to have 20 people with admin access. So what we like to do is to give people the right kind of access.

    An editor, maybe a marketing person, or a developer might each have different access. We don’t want a marketing person to have plugin access because we don’t know what they’re adding. If it’s something they need, we can have a discussion, and we’ll say, “Let us install it for you.” So that’s security.

    WordPress Security Updates

    We typically build using WordPress, and WordPress has this bad reputation of being insecure, but WordPress is no more insecure than your computer software like Microsoft or Macintosh. And you’ll notice that all of these computer operating systems will consistently send security updates.

    And that’s similar to what WordPress does. WordPress 6.0 just dropped a month ago, back in May. That is a feature upgrade, but there are also security features that are included. Then you’ll find there’ll be 6.1, 6.2, 6.3. Those typically fix bugs or fix security holes that have been discovered.

    The same thing goes for plugins. Plugins should always be updated to fix any security holes. The third level is the hosting, the core programming language that almost any website sits upon. Right now, we use Unix-based servers, which are like Windows for servers. It’s the operating system.

    Hosting Security Updates

    Then on top of that is another layer, called PHP. PHP works with Unix. Windows servers would have something on top as well, and that would be what a web application or website can be built on. On our end, we use Unix-based servers with PHP on top, and that’s the programming language that we use to build websites, typically WordPress.

    PHP, just like any operating system, needs to be updated. If you’re updating PHP, that’s good, but you don’t know that unless you’re in the host. Sometimes, when people are hosted on other servers, we find out that they have a very old PHP, like PHP 4.

    The reason is that when you upgrade PHP to the next level, it might break the website. The code that was written (it could be JavaScript, HTML, jQuery, or whatever programming was used on top of that PHP) required elements within that PHP to deliver the website.

    So if you upgrade from PHP 5.0 to 6.0, it might break the site because the code relied on certain elements in 5.0, and that’s what we’re running into ourselves. We have very, very, very old sites. I’ve had clients for 15 or 20 years, and we’ve got about two or three of them.

    They’re so old that we cannot upgrade their website. If we do, it’ll break the site. So we’ve had to go back to them and give them an ultimatum: they must either update or physically move the site off of our web host servers, because you are putting at risk not only your site but other sites that might share that same space.

    It’s important that we keep everybody updated. If you don’t want to spend the money to recode the site so that it uses the most secure version of PHP, we need you to get off of our web servers. You’re putting yourself at risk as well as everybody else.

    Core Code Updates

    Now, there’s not just PHP. There’s JavaScript. We have HTML websites and old HTML mail that might use JavaScript, a script, to send a form. You might put your contact information on these forms and hit send. Well, there’s JavaScript behind this function.

    Now there are other things in between: that JavaScript is calling bits and pieces from the mail server to send an email. There may never have been a problem before, but now we’re noticing issues. So even an old, basic, plain HTML site that was never an issue before has become an issue.

    So we have to go back to a couple of clients with very old websites with regular HTML, and we have to tell them the same thing. You either remove the site from our servers and go to your own, which still doesn’t solve the problem for you, or you upgrade the website to meet the security standards we have to put in place.

    I just wanted to give everybody a heads-up on that and how that works. And if you are one of those folks that might have a super, super old website, you probably will be hearing from us in the next couple of days because we need to let everybody know.

    Thank you so much, and be careful. Be on the defensive.

    Don’t assume that every email you get is legitimate.

    Take a moment before you click that link.

    Take a moment before you go to that website and fill out your logins and passwords.

    Make sure you have two-factor configured, and for sure, set up LastPass.

    Have a good day, everyone.


    Christina Hawkins

    Christina Hawkins is CEO of GlobalSpex, Inc. and a Fractional CMO for her clients. A seasoned digital marketer since 1999, Christina has designed and built exceptional websites partnering with small businesses to help them grow and increase revenue. She understands that digital marketing is a constantly evolving technology and works to stay on top of the latest changes. She is always looking for the best route for clients' lead generation needs and revenue. In addition to her ability as a digital marketer, Christina is a coach and mentor with Agency Mavericks to other digital marketing freelancers, helping them grow their businesses. She is also a sponsor and co-leader of Houston's WordPress Meetup.
