This past week we saw a massive attack on WordPress sites. Hackers, using automated tools, sought out WordPress sites (because of how many there are of them) and then exploited known weaknesses to place malware and in some cases take control of the site.
I know of at least two web sites that were hacked through this effort. These sites had not been updated in some time. Their WordPress was several versions behind and plugins had not been updated. This combination makes any defenses your site may have had much weaker. Fortunately, the hacks didn’t appear to be very significant, but it did take a bit to clean them up.
It’s a continual game of cat and mouse. When your site was set up, it was most likely set up with the most up-to-date tools at the time. But, hackers are always looking for new ways to get to your site. When they do, they can steal passwords, put malware on your site so you infect visitors, or even deface your site. They can delete your data. It can be embarrassing and expensive to fix.
Even with tools in place, it’s not possible to 100% guarantee that a hacker can’t get in. We can only do our best to block every known pathway and make it as difficult as possible for them. If it’s too much effort, they’ll often give up and move on to a less difficult target.
To give your site a health check, we offer a security scan and hardening package.
The WordPress Security Update is a set of plugins and other security related updates that help protect your WordPress site from hackers and others with malicious intent. This update requires that we have access to your hosting account and an administrative account on WordPress (in most cases we already do). We do the following: When More Info »