Unmanaged WordPress Websites Present Risks

Nearly one-fourth of all websites are build on the WordPress platform, which is popular due to its functionality, ease of use, and adaptability.  Businesses like the functionality of the WordPress sites along with the comparatively low expense relative to other platforms. They invest in having a website designed and built and then since WordPress allows easy access, they are usually instructed on how to make posts to their site, manage comments, and update plugins.  Usually this is in combination with professional management of the site. Sometimes a small business customer may then try to manage the site themselves in order to save money. In this situation, every customer starts with good intentions, and may be diligent at first, but this usually drops off and management lags, and pretty soon months have gone by without any updating, and then problems arise.  Security breaches and plugin conflicts occur and the site may be broken. It only takes one instance, such as the recent SoakSoak malware reported by Securi on December 15th, 2014, which affected over 100,000 websites and caused Google to blacklist over 11,000 sites, to completely disable a website.  The SoakSoak security breach was determined to be related to the RevSlider plugin for WordPress, even when the plugin was deactivated on the site, and many site owners did not even know it was on their site. If the plugin was updated it did not present the risk as an un-updated plugin did.

WordPress sites are dynamic and need to be managed consistently and diligently, with someone monitoring and updating both the WordPress platform and the plugins, checking for security risks, resolving plugin conflicts, and backing up the site regularly so it can be recovered if it becomes infected and disabled.  If you are going to invest any money in the development of a WordPress website, you also need to invest in the management of the site, which is usually a minimal recurring expense. This will protect your online business or website traffic, and possibly the reputation of your business if your site is blacklisted. It just isn’t worth the risk to your site and company, and you may face having to pay again to have your site completely rebuilt and/or cleaned.

http://blog.sucuri.net/2014/12/soaksoak-malware-compromises-100000-wordpress-websites.html