Hello Curious Internet User,
I wanted to lay out the rationale for putting a higher priority on WordPress Updates and Security – and speak a little about how to achieve a basic level of security.
Below is an incident report from a client who experienced a plugin issue within their WordPress installation – causing ecommerce to come to a halt.
At the core of this issue is preventative maintenance and internal alerts – both of which are best practices for site security.
Incident: Orders unable to be processed due to WooCommerce UPS Shipping Plugin alerts.
Root cause: Unknown at this time – error messages not captured in real-time.
Remediation: In order to fully correct this issue we would need to first update all plugins – this is the underlying preventative maintenance that ensures site security as well as functionality. Once all plugins are updated we can then enable debugging, find the complete error/alert message (if it even exists any more) and correct based on plugin documentation or with plugin developer assistance.
I wanted to add a little example of why updates occur so often but, more importantly, why it is so important to apply updates as well as page monitoring alerts (e.g. https://changetower.com, https://visualping.io/, etc.).
Situation 1 – Hackers
Developers make plugins – those plugins then get distributed around the internet – hackers then find vulnerabilities in plugins and exploit those vulnerabilities – then the internet lets the developer know they need to update their code – developers update their code to close the discovered vulnerability – developer then distributes the plugin update to close the vulnerability – hackers then know and scan the web for people using outdated plugin versions.
Situation 2 – Technology Advancement
Developers make plugins that affect or are affected by other technologies, such as utilizing the UPS API, allowing a website to ‘talk’ to UPS and get real-time shipping rates – then the external system changes, sometimes big changes, sometimes small changes – those changes then cause alerts or errors in the original plugin because the original plugin is trying to communicate with a now-outdated technology or endpoint – the developer then updates their plugin to work as desired with the updated technology external to the WordPress website.
At the end of both of these situations we have changes made to the website – in situation 1 it is a hacked site and in situation 2 it is an error, alert or lack of site function. This is where visual site monitors come in. On a routine schedule visual site monitors ‘look’ at a site and send an email alert when the site ‘looks’ different. Note that ‘looks’ can include functionality.
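To make the idea concrete, here is a small added example (not code from ChangeTower, Visualping or any plugin) of the comparison a monitor performs between a saved baseline and the current page. The sample pages, the error markers and the names `PageSnapshot` and `compare` are assumptions made for illustration; it flags changed visible text, newly appearing external script hosts (situation 1) and error text printed on the page (situation 2).

```python
import hashlib
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed error markers: text PHP/WordPress commonly prints when code breaks.
ERROR_RE = re.compile(r"(Fatal error|Parse error|Warning|Notice)\s*:|There has been a critical error")

class PageSnapshot(HTMLParser):
    """Collects visible text and the hosts of external <script src> tags."""
    def __init__(self, html):
        super().__init__()
        self.words, self.script_hosts, self._hidden = [], set(), 0
        self.feed(html)
        self.close()
        self.text = " ".join(self.words)
        self.digest = hashlib.sha256(self.text.encode()).hexdigest()

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._hidden += 1  # text inside these tags is not visible
        if tag == "script":
            host = urlparse(dict(attrs).get("src") or "").netloc
            if host:  # relative URLs have no host and are the site's own files
                self.script_hosts.add(host)

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._hidden:
            self._hidden -= 1

    def handle_data(self, data):
        if not self._hidden:
            self.words.extend(data.split())  # normalise whitespace

def compare(baseline_html, current_html):
    """Return alert strings describing how the page differs from its baseline."""
    old, new = PageSnapshot(baseline_html), PageSnapshot(current_html)
    alerts = []
    if old.digest != new.digest:
        alerts.append("visible text changed")
    for host in sorted(new.script_hosts - old.script_hosts):
        alerts.append(f"new external script host: {host}")
    if ERROR_RE.search(new.text) and not ERROR_RE.search(old.text):
        alerts.append("error text on page")
    return alerts

# Constructed sample pages (not taken from the incident above).
BASELINE = '<html><head><script src="/wp-includes/js/jquery.js"></script></head><body><h1>Checkout</h1><p>Shipping: UPS Ground</p></body></html>'
BROKEN = BASELINE.replace("</body>", "<p><b>Warning</b>: shipping rates unavailable</p></body>")
TAMPERED = BASELINE.replace("</body>", '<script src="https://cdn.example.invalid/x.js"></script></body>')
```

In the tampered sample the visible text is identical to the baseline, so only the script-host check raises an alert.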
I hope this underscores the importance of visual site monitors as well as regular site maintenance.
I am happy to discuss any part of this further. I recommend a minimum of 4 hours every month to perform manual visual site checks (or a total of 3 hours a month if automated monitoring is in place) as well as to perform plugin, theme or core WordPress
IT Nachos Support