SMBs Neglect WordPress Sites and Flirt with Danger

Lots of small business owners flock to WordPress to help establish their companies online. But once they settle in, many of them do little to protect their corner of the Internet, according to a new study from CodeGuard, an Atlanta-based small and midsized business (SMB) cloud backup company.

WordPress is an enormously popular open-source content management system (CMS), and with good reason. Not only does WordPress make publishing to the Web painless and economical—a free, non-hosted version is available for do-it-yourselfers—a rich ecosystem of compatible plug-ins lets you customize and fine-tune your websites and blogs to attain the look, feel and functionality you want.

Looking for deep social-media integration, mobile-friendly site templates or search engine optimization (SEO) tools? There’s a WordPress plug-in for that.

WordPress powers millions of websites, an estimated 23 percent of all sites on the Internet according to the Web statistics keepers at W3Tech. Sites range from personal blogs to small business storefronts to media powerhouses. Time, CNN, and Vogue are among some of the big media properties that rely on the CMS.

Downside of Being the Number One CMS

“We’ve just seen so much growth in the WordPress market,” David Moeller, CEO of CodeGuard, told Small Business Computing. “An enormous number of our customers use WordPress.”

Unfortunately, hackers and cyber-attackers have noticed it, too.

WordPress website security

Last year, according to the data security researchers at Imperva, WordPress sites were attacked more frequently than all other Web CMS platforms combined. Experts expect the attacks to continue in 2015 as hackers engage in brute-force password guessing and exploit vulnerable plugins.

When successful, these attacks can cause major headaches for small businesses, including site defacement, malware dumps and data loss. Even worse, Moeller warned, are the damaging effects the attacks wreak on a company’s revenue and reputation.

It Always Comes Down to Data Backup

WordPress’ ease-of-use, beginner-friendly user interface and seemingly unending extensibility belie potent capabilities that churn just beneath the surface.  “WordPress is a pretty powerful Web application once you get under it,” said Moeller. Unfortunately, people often “don’t realize that there are some dangers and downside” to WordPress.

When working on a Web server, folks need to get out of the PC mindset. Expecting the same file functionality as you find on Mac OS or Windows, people often believe that they can pluck deleted files out of the virtual recycling bin, Moeller said. Simply put: you can’t.

The reality soon sets in when a 404 or another indecipherable error message greets website visitors. “When [a Web file] is gone it’s gone,” Moeller cautioned. Many WordPress users, often lacking proper website backups, find themselves scrambling to get back online.

Winging Your Website Security Puts Your Business at Risk

Codeguard surveyed 503 WordPress customers for this study, and less than half of them report that they backup their websites regularly. Forty-seven percent said that they perform a backup every few months, at most. Only 24 percent said that they employ a backup plug-in, a woefully low statistic considering the wealth of affordable, cloud-based backup options available to small businesses.

That wouldn’t be much of a problem if WordPress sites remained static little pieces of Internet real estate, but the reality is that it’s an ever-evolving platform.

Fifty-four percent of respondents said they update WordPress ranging from once a week to once every few weeks. “Seventy percent had a plug-in fail after an update,” added Moeller, causing no small amount of hair-pulling for inexperienced site owners with limited technical resources and know-how at their disposal. Forty-four percent of those polled don’t have a website or IT manager on staff to rescue them when sites give up the ghost.

A significant number of WordPress users (22 percent) lack training in WordPress backups, and another 22 percent said that backup plug-ins are unimportant to them. Twenty-one percent said that they had already encountered the “white screen of death” multiple times. A majority (63 percent) admitted to deleting files that were not backed up.

“The vast majority of people are winging it,” lamented Moeller. It’s a situation that may prove costly.

Twenty-four percent of respondents described their sites as their livelihood and would pay “almost anything” to completely restore their sites. Some site owners (19 percent) said that they would be willing to part with several thousand dollars for their websites to be made whole again, a bitter pill to swallow that can you can avoid with an ounce of prevention.

Pedro Hernandez is a contributing editor at Small Business Computing. Follow him on Twitter @ecoINSITE.

Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!

Must Read

Get the Free Newsletter!

Subscribe to Daily Tech Insider for top news, trends, and analysis.