Content Management Systems (CMS) may not be the most interesting topic on the tech table, but oh boy does WordPress liven things up in this sector. Not, it has to be said, always in a good way. I've lost count of the number of WordPress vulnerability stories that I've read over the last 12 months, and have even written a few myself. Of course, more often than not it isn't WordPress itself that is the problem but one of the gazillion plug-ins that are out there and being used to customize it and add functionality. There was the SoakSoak malware linked to the RevSlider plug-in a couple of months back, and that's just the tip of the iceberg.
Now a new survey of more than 500 WordPress users by CodeGuard (http://www.CodeGuard.com) has revealed how they are just making things worse by not being properly educated regarding backing up their sites or updating software. According to the survey, while 54% do update WordPress somewhere between once a week and every few weeks, there were 21% who backed up only occasionally. Some 24% used a website backup plugin, but only 23% have any real training in the use of these tools, while 47% had either none or very little idea of how to use WordPress.
Maybe that's not too surprising, as the survey also showed that WordPress users are attracted by ease of use and tend to veer towards the less technically competent end of the spectrum. In fact, 44% of those surveyed did not have a website or IT manager. This could explain why 69% saw a plugin fail after an update (with 24% experiencing this multiple times) and 63% admitted to deleting files which had not been backed up. It's also not surprising, then, that we read about so many problems caused by the use of plug-ins with vulnerabilities, I guess. What is surprising, however, is that 24% of those surveyed said that their WordPress site was their livelihood.
Clearly there is a disconnect between expectation and reality here, if three quarters of people using WordPress are not even backing up their content yet are relying upon that content to drive their income. There's also a disconnect between ease of use and understanding how important security is, and that means updating not only WordPress itself but also the plug-ins that you use whenever a patch is made available. Education has to be the key, as with so many of the security problems we face today, what with nearly a quarter of all websites using WordPress at the backend, according to market data, and being 24% more likely to be attacked than sites powered by other CMS platforms.