WordPress is a great tool for creating and managing websites. With over 60 million websites using WordPress, it is by far the most popular content management systems on the web. Not only that, WordPress is also open source which means that it is constantly being updated and improved. Why then, is it so common for WordPress websites to go down?
Often, the problem is not the user’s fault, but their host’s or even other people on their shared server. Failing hardware, outdated software, or mismanaged resources, can all cause server crashes. When this happens any websites on the server will go down. If you’re lucky, the server will be back up shortly, and you will have access to your website again. Sometimes, though, files and databases can become corrupt. In this case, your website might not be accessible, or it might look or behave differently. It often takes an experienced user to fix this type of problem.
Problems can also arise within WordPress itself. Because WordPress is so easy to install, users often fail to properly secure their installation against outside attacks, and with so many on the web, WordPress installations are a popular target for hackers. The fact that all of the WordPress bugs and vulnerabilities are posted online makes it even easier for attackers to compromise a WordPress site. CVEDetails.com keeps an up-to-date list with information about many known WordPress vulnerabilities.
Once a hacker has access to your website, you might not even know that anything has changed. Many hackers create networks of compromised websites that they can use for DDOS attacks, click fraud, and adware/spyware/malware distribution.
Plugin vulnerabilities are possibly the largest contributor to WordPress failures. In mid July, ZDNet published an article that described how vulnerabilities in just four WordPress plugins affected over 20 million WordPress installations. One of the vulnerabilities even allowed “attackers to upload malicious PHP files or backdoors to the target server without needing admin privileges.” Just like WordPress, many plugin bugs and vulnerabilities are published online for everyone to see. On one hand, the fact that everyone has access to this information is good, because it prompts developers to fix the problems, if they haven’t already, and it gives users a heads up that their website may be susceptible. Unfortunately, though, this information also makes it easier for hackers to find and exploit vulnerable plugins.
Besides being vulnerable, WordPress plugins are often buggy, bloated, or poorly maintained. In addition, multiple plugins can conflict with each other. Plugin incompatibility is one of the reasons why we at CodeGuard discontinued support for our WordPress plugin in favor of a more reliable and platform-agnostic website backup strategy.
What can you do?
There are several things you can do to make sure your WordPress website stays up and running.
- Choose a reputable host
If you want your website to available 24/7 make sure you choose a reliable hosting provider. Do a little bit of research beforehand to see if other users have had problems with the host you have in mind.
- Secure your WordPress installation
WordPress has published an excellent guide to help you harden your WordPress installation against outside attacks.
- Keep your plugins up-to-date
Old plugins with known vulnerabilities are easy targets for hackers. Keeping your plugins up-to-date will help ensure that they are bug-free and harder to attack. Limiting the number of plugins you have is also a good idea, because it reduces the number of attack vectors that hackers can potentially exploit.
- Have a backup
If all else fails, it’s important to have a plan for recovery. CodeGuard provides easy backups for your WordPress installation, and we have specific WordPress features that make restoring your site even easier.