This is something I can’t stress enough how important it is to always run the latest version of plugins and WordPress. There is a reason why these get updated regularly, whether it’s a security flaw or a bug fix.
All client websites are updated free of charge bi-weekly for the first year after the handover, is this something your agency offers, too?
Last week a security flaw in WordPress has let hackers attack tens of thousands of sites. These weren’t just a simple content injection hacks, websites were taken over by hackers. As article on BBC points out, there was a vulnerability found in an add-on for WordPress that was introduced in versions released in late 2016.
Although many websites have been updated since, it’s estimated almost 40,000 blogs are believed to have been hit. These websites were used for spam and malware activities.
Always make sure you run the latest version of WordPress, you could do this manually or set up automatic background updates as described in this article.