No one likes to pay for services that appear to do nothing, like insurance, if your a good driver and nothing happens. It seems like your paying for nothing.
The same goes for Antivirus software, if you surf safe and don’t get click happy, you should be fine. The same cannot be said about maintaining a website.
All it takes is one bad plugin on your site or one piece of insecure code and a hacker can riddle your machine with malware and spam the world. This is our experience with one of our clients we inherited.
It was a custom built site, when we took it over on the old hosting system it was reported by Google a few times for having malicious content, we came into the environment and cleaned out the bad files and ran some checks for running processes that shouldn’t be running and everything looked fine. About two months goes by and it happens again, there must be a loophole somewhere in the code that is causing this break-in. So we get with the hosting company who made this custom site and started talking about dealing with this problem. It quickly turned into a he-said she-said battle and we ended the hosting agreement and brought everything over into our servers. “Surely it must have been something in their code/ passwords that caused this since we were so greeted with such hostility when we found this” we thought. About 4 months go by on our own servers now and it happens again. Now this is a big problem, we basically let in a virus into our server and luckily it could only wreck havoc in its compartmentalized section of the server but it was still causing problems. So we dusted off some of our tricks and went to work again.
After thoroughly digging through old plugins and deactivating and deleting old files we had found it. A converted HTML site to a WordPress site, the template creation system was still within the theme files allowing uploads. Although we would never know for certain if this was the back door the hacker was exploiting, we quickly went to the other sites this company had made and noticed that the same files did not exist on the other sites. All plugins were the same across all sites, the only thing that was different was the theme creation files were still deep within the base theme. We quickly removed the files and cleaned out all the hacked files and it has been clean ever since.
In conclusion you always want to ensure that your website is staying up to date with the latest plugins and codes. Also you need to be careful of the themes you use within your site, if the themes never get updated, a security hole may be discovered and your site could be exploited. Having an exploited site not only ruins your ranking on Google (especially when it happens more than once) but it damages your reputation online to people finding your site and you could be spreading the bad content if the infection is deep enough to starting sending out mail.
If you think your website is vulnerable to compromises because of lack of updates or if you don’t update your website you should take care of it right away. Especially if you are holding customer information or if it is a shopcart, you want to make sure you are always secure and have valid code. Shopcart sites are difficult to upgrade and simply upgrading plugins could have disastrous outcomes on your carts. Always backup your site before executing updates especially core updates and updates to your shopcart framework!