WordPress is a great resource for creating and administering many types of websites. With WordPress you get a highly polished system to create content with. Thousands of free themes, and plugins to expand your sites functionality and to get that look that is perfect.
Along with all that also comes some issues, which often get people into trouble:
- Not Keeping WordPress, themes or plugins up to date
- Not verifying plugins and themes before using
- Forgetting about old installations
The biggest problem I have seen is WordPress, it’s plugins, and themes are not updated regularly. When new code is released one of the first things that bad people do is look for ways to compromise WordPress, plugins, or themes.
Fortunately good people also notice these issues and correct them. After the code is corrected an update is prepared, and sent out. After the updates people who wish to be malicious look for these out of date scripts to make use of the known vulnerabilities.
Another problem that can be found is that plugins and themes are used without verifying their source. It is possible to slip malicious code into themes and plugins. There is no checking of the code which is submitted to these plugins and theme directories.
While checking the code directly is the only way to be absolutely sure what a plugin is doing. If you examine the number of downloads and ratings of the plugins will help you find high quality plugins.
Forgetting About Old Site
The last item that I see where people have problems is not specific to WordPress, but when you forget you have installed stuff on your web server, and then forget about it you will have problems from outdated scripts,which may lead to all sorts of issues.
Keep your scrips updated, and you will see fewer issues with compromised scripts, because as soon as the compromises are found they are fixed. Watching how often and how highly rated a plugin will help in always using reputable code in your WordPress site. Lastly, don’t forget about your code; keep your hosting account clean.