The Cost of Keeping Your WordPress CMS Website Secure

WordPressWordPress Content Management System (CMS) websites come with ongoing update costs that are easily overlooked. If you are like most of our clients, you don’t often think about, or pay much attention to, the backend of your website. WebWise Design & Marketing clients who choose to have a Security, Maintenance and Updates Plan may safely ignore updates needed to the functionality of their website as we take care of those tasks for you. Our security and maintenance plan includes monitoring and applying all WordPress security software updates, and all plugin updates. It also includes repairing any damage an update may cause to the website.

For those who do not have a Security, Maintenance and Updates Plan, please continue reading.

It is important to remember, simply ignoring or not applying WordPress and plugins is not an option. Updates must be applied, either by you or your web developer.

WordPress Plugins

PluginI am sure many of you are thinking, “what the heck is a plugin and why do I need them?” According to the WordPress Codex, “Plugins are ways to extend and add to the functionality that already exists in WordPress. The core of WordPress is designed to be lean and lightweight, to maximize flexibility and minimize code bloat.” Plugins offer custom functions and features so that each website can be tailored to the website owner’s specific needs. Some examples of functions and features often added with plugins include calendars, photo sliders, forms, captcha for forms, anti-spam, navigation menus, security, and additional SEO features. Most interactive and dynamic aspects of a WordPress website are provided through the use of plugins. Some plugins (generally those with fewer features) are free to use. Sometimes, it is essential to use “premium” plugins that are sold as a license subscriptions that includes all code updates for a year. Note: these updates are for the code and subscriptions only; they do not include applying the updates to your website.

Security and Maintenance Updates

If you have read this far, I imagine you have a fairly good idea about what drives the hidden costs of security and maintenance updates, so I will confirm it. WordPress and plugins need to be updated frequently. Not long ago, we could say “periodically,” but unfortunately, “frequently” describes how often security and maintenance updates are required in today’s world. With every new WordPress release (there have been six so far this year), any website built with WordPress needs to have it updated. Of course, it doesn’t end with that simple update. Often, most if not all plugins used in building a website will have to release updates of their own, which will need to be applied to the website as well. Throughout the process of updating, one has to check to make sure the website is not negatively impacted by an update. In other words, the website must be checked and all functions tested to make sure the update didn’t break anything, and that the website is still displaying and working properly. That “checking’ is done for multiple devices, browsers, and operating systems.

I know some of you are asking, “What happens if I don’t do the security updates?” Well, there are many things that can happen as a result of not having the latest version of WordPress and plugins installed on your website. Here is short list of some possible consequences.

  • Unauthorized access to your WordPress administrative area.
  • Unauthorized and hidden remote control of the computer of an authorized user (you) .
  • Your website doesn’t display properly.
  • Your website doesn’t display at all.
  • Your website is hacked and displays offensive and/or harmful content.
  • Your website is hacked and infected with malware that, in turn, infects the computers of your website visitors.
  • Your web hosting company disables your website because of security risks in violation of their Terms of Use Policy.

What Can You Do?

  • Monitor WordPress and Plugin updates status.
  • Make the updates yourself.
  • Review your website to be sure nothing is broken.
  • Fix what is broken if you can, or contact your website developer.
  • Hire your website developer to do those update tasks for you.


Websites created using WordPress need frequent back-end updates and maintenance that cannot be ignored. Updating WordPress, themes, and plugins takes time and money. Some plugins used require annual license/subscription renewal fees. Ignoring updates puts your website at risk. 

Please see how WebWise helps mitigate the risk of your website getting hacked, and what you can do to make your website more resistant to hackers, by reading our Website Security For Content Management Systems blog post, as well as Secure Passwords Should Not Be Optional.

Of course, we are always happy to discuss how WebWise Design & Marketing can help you with anything in this post.

Call 1-800-281-9993 or 608-822-3750 Today!