{"id":20005,"date":"2019-10-22T09:30:43","date_gmt":"2019-10-22T09:30:43","guid":{"rendered":"https:\/\/www.heartinternet.uk\/blog\/?p=20005"},"modified":"2019-10-22T09:30:43","modified_gmt":"2019-10-22T09:30:43","slug":"talking-to-your-clients-about-wordpress-plugin-security","status":"publish","type":"post","link":"https:\/\/www.heartinternet.uk\/blog\/talking-to-your-clients-about-wordpress-plugin-security\/","title":{"rendered":"Talking to your clients about WordPress plugin security"},"content":{"rendered":"

It\u2019s safe to say that most clients don\u2019t have a deep understanding of WordPress plugin security and that they don\u2019t take it as seriously as they should.<\/p>\n

Most likely it\u2019s because they have little to no idea about the risks they’re exposing their sites to with every plugin they install.<\/p>\n

They might not know that vulnerable plugins are the top way that attackers gain access to WordPress sites, and that hackers can steal or expose all their customers\u2019 data and cripple their business.<\/p>\n

And they might also not be aware of how often this happens.<\/p>\n

In 2018, Wordfence, a WordPress security firm, discovered that the WP GDPR Compliance plugin has a serious vulnerability<\/a> that enabled unauthenticated attackers to escalate their privileges, permitting them to further infect vulnerable sites.<\/p>\n

As their “technical contact”, your clients might assume that it\u2019s your responsibility to keep their sites secure and\/or to fix any security issue that might arise.<\/p>\n

Whether it is or not, educating your clients (and potential clients) about plugin security can save you time and headaches, while also keeping them happy and their businesses (and yours) safe and thriving.<\/p>\n

So in this post we\u2019ll show you how to talk to your clients about WordPress plugin security to ensure you both have peace of mind. Or, better yet, why not share this article with them?<\/p>\n

Ready? Let\u2019s get started.<\/p>\n

Only use the necessary plugins<\/h3>\n

The more WordPress plugins you install, the more vulnerable your website is to an attack. Since you\u2019re running more code, your odds to having a security vulnerability exploited go up.<\/p>\n

In addition, you\u2019re so busy growing your business that you likely don\u2019t have time to keep updated on or respond quickly to plugin vulnerability reports.<\/p>\n

So whenever you find an interesting new plugin, take a moment and ask yourself if you really need it before you install it.<\/p>\n

Always get your plugins from a trusted source<\/h3>\n

It\u2019s tempting to look for free plugins online. The problem is that if they\u2019re not from a reputable site, they might contain malware that can compromise your site\u2019s security.<\/p>\n

If possible, try to limit your plugin downloads to the official WordPress.org plugin directory.<\/p>\n

If you find a great plugin on another site, take a few moments to review it to ensure it’s a reputable and trustworthy source before downloading and installing the plugin on your website.<\/p>\n

Here are a few key things to look at to determine whether the site can be trusted.<\/p>\n