WordPress Security – SQL Injection Patch Released

Here at Colour Cubed, we love WordPress. It’s an awesome open source project that we use to build powerful dynamic websites that make our clients’ lives easier: updating content and adding pages, blog posts and more becomes simple. But like everything, WordPress is not perfect. Sometimes bugs get through, and if left unattended these bugs can be exploited by malicious hackers in an attempt to take over a website.

Any savvy WordPress user will have heard about the vulnerability disclosed by Anthony Ferrara earlier this week that left several thousand WordPress installs open to an SQL injection attack – but what exactly is an SQL injection?

SQL (pronounced “Sequel”) is the language used to query and update the database that holds the content, settings and other dynamic information on your WordPress site. Together with PHP, it makes up the system that lets you edit your site’s content – without it, editing a page would mean fiddling with code in a text editor, which is best left to the professionals (like us!). PHP takes information from the inputs on your website and passes it to the database. If those inputs are not correctly sanitised, wily hackers can craft input that changes the SQL the database actually runs, letting them execute their own commands in your database – and those could potentially do anything from removing all of the content from your site to adding a new admin user, effectively giving the hacker unrestricted access.

Obviously it’s not quite that simple, but that’s the basic premise and once in a while one of these exploits will emerge to get WordPress site owners quaking in their boots.
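To make the point above concrete, here is an added example, written for this post rather than taken from WordPress core or from the original article, showing the same database lookup written unsafely and then safely. It assumes it runs inside WordPress, where the global `$wpdb` database object is available, and uses a hypothetical custom table named with the site’s table prefix followed by `guestbook` (columns `id`, `author`, `message`); the visitor input is constructed for the demonstration.

```php
<?php
// Added example (not WordPress core code and not from the original post).
// Assumes: running inside WordPress (global $wpdb available) and a hypothetical
// custom table {$wpdb->prefix}guestbook with columns id, author, message.

// Constructed input, standing in for what a visitor typed into a form field.
// The single quote is the problem: it ends the string literal in the SQL.
$author = "' OR 1=1 -- ";

// VULNERABLE: the raw input is pasted straight into the SQL text.
// With the input above the query becomes
//   SELECT id, message FROM wp_guestbook WHERE author = '' OR 1=1 -- '
// so the WHERE clause is always true and the filter by author is gone.
function guestbook_lookup_vulnerable( $author ) {
    global $wpdb;
    $table = $wpdb->prefix . 'guestbook';
    $sql   = "SELECT id, message FROM {$table} WHERE author = '{$author}'";
    return $wpdb->get_results( $sql );
}

// FIXED: the SQL text is fixed in the code and the value is bound through
// $wpdb->prepare(), which escapes it so the entire input is treated as one
// author name, quotes and all. The query sent to the database becomes
//   SELECT id, message FROM wp_guestbook WHERE author = '\' OR 1=1 -- '
function guestbook_lookup_safe( $author ) {
    global $wpdb;
    $table = $wpdb->prefix . 'guestbook';
    $sql   = $wpdb->prepare(
        "SELECT id, message FROM {$table} WHERE author = %s",
        $author
    );
    return $wpdb->get_results( $sql );
}

// Usage inside a plugin or theme: only the safe version should ever ship.
$rows = guestbook_lookup_safe( $author );
```

The table name is built from `$wpdb->prefix` in code rather than from user input because `prepare()` only binds values (`%s`, `%d`, `%f`), not identifiers such as table or column names; anything that must vary in those positions has to be checked against a fixed list of allowed names. This is the same `$wpdb->prepare()` pattern WordPress core and well-written plugins use, and it is the single habit that stops the class of bug described above.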

So, should we avoid WordPress in the name of security? The truth is that any sort of CMS is going to suffer from this sort of thing – the only way to be truly worry-free in this regard is to code everything in flat files, and that would make content management very laborious. The beauty of WordPress is its open source nature – rather than being a closed system, it’s worked on by thousands of talented developers all over the world. So when one of these vulnerabilities is exposed, the fix is usually rolled out in a matter of days, if not hours.

What it does mean is that it is absolutely imperative to stay up to date with security on a WordPress site (or indeed any website). At Colour Cubed we take the security of our sites very seriously and make sure all of the websites we manage are up to date and safe from harm. However, even we can’t be too careful, so we also keep regular backups of all of our sites should the worst happen.

