Just over half of all cyber-attacks to WordPress websites target small businesses – and of those? 60% are likely to be out of business within six months due to recovery costs and clean up after the attack. That's sobering. Which is why it's so important to keep everything up to date: plugins, themes and WordPress itself, because 97% of all hacks are automated.
WordPress is the most hacked platform despite its popularity – or because of it. But emerging AI plugins – with their wider reach and greater powers – pose a new, existential threat. Under the guise of helping you or helping users, many of these AI assistants boil down to phoning-in your website so you can walk away from it. Like the AI assistant that will write blog posts for you.
A real time-saver, but ask yourself, if you can't be bothered to write it? What makes you think anyone will read it?
The WordPress folks seems poised to embrace some kind of interwoven AI throughtout the WordPress universe, though not to the core product. Themes and plugins? Sure. But what if you don't want to use AI? What if the learning curve is too steep? Or you are unsure of the permissions you may be granting? Or your developer, web host, plugins, themes, etc. have differing opinions?
AI plugin types include:
- AI Language translation tools: Translating text to foreign languages is an easy way to extend the reach of your website – or poplate spam, hate speech, etc. in multiple languages without website owners being able to detect it.
- AI code generation: new plugins that use AI to create code? Hackers could turn your website into a malware factory.
- AI Commerce: any AI plugin that connects with WooCommerce would be vulnerable to the current vulnerabilities in WooCommerce and may make them worse.
- AI Chatbots: AI chat tools are a target for social engineering.
- AI SEO: AI SEO Plugins are just as hackable as their infected, non-AI predecessors: All In One SEO and Yoast SEO
- AI Assistants and Admin Tools would be the easiest way to mine user data from your website, siphon passwords or send mail.
If you have a WordPress website, now is a good time to review your hosting company's WordPress guidelines. Check your current plugins to see if there are plans to make an AI version and what your options are. Same for themes.
Things to check:
- What plugins do you absolutely need? Are they still actively supported? Are there similar options if you need to switch?
- When was your theme last updated? What are the plans for future development?
- How often do you make a full backup of your WordPress website? If this is automated, do a test run to make sure that you can access that back up.
- Definitely back up prior to making any AI changes.
Photo by h heyerlein on Unsplash
