Wordpress, Joomla, Drupal these types of software were designed to let the site owner make updates to what can be very complex websites. without dependency on webmasters - and that has opened up a world of possibilities that just never were there before.
So what’s the problem?
Security, that’s what.
All Content Management Software is under fire. 100s of attempts per day are made on your site, not because they want your info, but because they will use core Wordpress or Joomla features to send out spam (or inject phishing pages that will be used in spam).
This is going to affect any site at some point that has not followed the rules of the day. Given that here is a brief list of rules that will help you avoid being that guy.
It’s been called a hassle. But not updating will be the cause of the ultimate grief. Software developers send out updates to your software to bring you new features or plug a vulnerability. When it’s the latter, waiting even a day is all the hacker needs to find you.
2. Be frugal with plugins
Yup they are cool and do neat things. But it’s vital to stick with what you need and remove the rest. Every plugin comes with its own holes, so having only the ones you need limits the holes. Remember that each of these will come out with their own updates and the rules apply the same way. This is a good reason to only keep plugins that you are using. Always remove the ones you have cast to the wayside, this includes themes, forms, any software you have added to the core (original) installation of your content management software.
3. Vet your plugins
The selection of Form or Video software alone is huge. So how do you pick the one that is right for your site? First thing is to make sure it’s secure. Some of the best ways to do that are to check when the last update was. If it was 5 years ago.. run away. No software is that secure so it means the developer has lost interest. As well check into their forums, most use those for support. See what people say and check how long it takes for support to answer calls for help. And feel free to plug the name into Google, often a bad reputation will show up there.
It has happened (more so in Wordpress than Joomla) that an update to the software had crippled a plugin or the theme. This also means the developer of that add on is not keeping up. There will be times when you need to be ready to shift or change.
One really good piece of advice is to have a professional set up your site, leavening you only with updates. You can then turn to that pro to do updates for you. Yes, they will charge a fee, but it will save you time and stress. In the long run it can save you a lot of money too. The cost of rebuilding can be horrendous depending on the sate of success you have achieved.