Lax Wordpress security, data protection caused by lack of education
Wordpress, used to manage approximately 75 million websites worldwide, is a CMS system known for its easy install and flexible customisation with plugins and custom coding. As the content management system (CMS) is so widely used, it is unsurprising that the system is also one of the most widely-attacked. According to research conducted by Imperva, Wordpress is attacked 24.1 percent more (.PDF) than all other CMS platforms combined.
Add a lack of training, backups and updates to the mix, and you find yourself with a complicated security landscape -- as discovered by cloud-based website backup service CodeGuard in a new survey.
The survey of 503 Wordpress users, which took place online during February this year, revealed that WordPress users are more exposed to security problems than expected. In total, 54 percent of respondents said they updated WordPress between once a week and every few weeks, and yet only 24 percent back their websites up -- and only 23 percent have received training in the use of tools such as backup plugins.
Wordpress is easy to use, but as a result, a number of users may not be researching and training themselves properly in the CMS's use -- especially when it comes to keeping their websites safe. This ease of use, therefore, may be indirectly responsible for making Wordpress websites susceptible to data and customer loss caused by hacking or accidental file deletion.
"WordPress users tend to be inexperienced technically, and most have limited IT budgets," CodeGuard says. To back up this claim, the survey results included the fact 44 percent of Wordpress users who run a business do not employ webmasters or IT managers. In addition, 25 percent said they have received "very little" training in the proper use of Wordpress, and 22 percent haven't been trained at all -- stating they have "no idea" how to backup their systems.
Kaspersky Security Summit
As a result, the company says "white screens" -- Wordpress errors caused by PHP or database errors causing blank screens -- are common, and Wordpress attacks which exploit old, unpatched systems are on the rise. In total, 21 percent of respondents said they have seen a "white screen of death" multiple times and 69 percent have witnessed plugins fail after updates.
While backing up systems to protect a business from data loss caused by errors, a lack of training or cyberattacks is relatively easy, 21 percent of respondents said they only back up their sites "occasionally," and 22 percent said a backup plugin is "unimportant." Yet, accidents happen -- and 63 percent of respondents admitted to deleting files they had not backed up.
Almost a quarter of respondents said their websites are their livelihoods, and they would pay "almost anything" for a complete restore. In addition, 19 percent said they would be willing to pay up to several thousand dollars if need be. However, this is preventable -- if businesses which rely on the Wordpress CMS take the time to learn how to operate the system effectively, or hire someone that does.
David Moeller, CEO at CodeGuard commented:
"WordPress vulnerability is a way of life for website owners, but they don't have to live in fear. Regular training in the use of WordPress is a great form of prevention, as is website backup. In lieu of personal WordPress training, it [is the duty of] all website owners -- especially those with an e-commerce or customer-facing website -- to spend the relatively small sum of money it costs to hire an experienced IT manager.
In today's online business world, that expense amounts to the cost of doing business."
Read on: In the world of security
- Anonymous targets ISIS social media, recruitment drives in #OpISIS campaign
- Poor security left Anthem customer records exposed
- Verizon rushes fix for email account open season security flaw
- Sony executive Amy Pascal steps down following cyberattack, email exposure
- Facebook funds GNU Privacy Guard development