WordPress is under attack!Posted by Jason Hawkins / January 25, 2013
KND has built many WordPress sites over the years; after all it is the industry standard for open-source CMS solutions. It’s ease to use and flexible enough to provide a powerful base to launch any web presence. But there is a frustrating and darker side to the open-source community. Open source means a lot of people use it, which makes it a big target for hackers.
WordPress hacking can take several forms, from a redirection often to a less savoury site, through to code injection into a page to benefit a third party’s search ranking (usually a gambling site).
In whatever form, it is bad for business and can be a shock if you have never experienced it before. Unfortunately, the success of WordPress as a mainstream CMS now makes it an obvious target for hackers. Extreme security measures can be taken to lock down your installation, but for many businesses, this can be out of your budget and often not practical.
How to Stop WordPress Hacking
Firstly, we would suggest working with your web firm to implement a solution that fits your budget. Remember, that just because WordPress is open-source and free to obtain, doesn’t mean that it costs nothing to run. All websites need TLC.
There are two main points to be considered – risk reduction and monitoring.
1. Risk reduction
Ensure your WordPress installation and plugins are up-to-date. This is easier said than done if your WordPress install is customised, however continuous monthly updates to the latest version is just GOOD PRACTICE! So depending on your skills, either do this yourself or factor routine of upgrades into your maintenance agreement. Most hackings we repair are a result of WordPress not being up-to-date.
Use a solid hosting provider with prompt support. Chasing the cheapest hosting provider usually results in poor support or systems that are not properly maintained (costs have to be cut somewhere) which can open holes for hackers to find a way in. Unfortunately, when things go wrong, you are left without support when you need it most.
For those companies needing a more bullet proof solution, there are robust methods to further reduce the risks such as IP blocking and dedicated servers to name a few. It really depends on your budget, please to talk to your provider to customise a solution to suit your needs.
Often the most critical issue when your website is hacked is actually knowing about it quickly. The last thing you want is an embarrassing call from a client letting you know. Or worst still, bringing your site up in a board room meeting and having it redirect to a Turkish Viagra website.
The good news is that there are ways to monitor your website files 24-7 and receive notifications if any untoward behaviour occurs. For a small monthly fee, we can install monitoring software and you receive instant notification of the issue. Often the site can be fixed in minutes (if you know where to look) and before the day begins. Money well spent in our opinion.
Most web companies don’t want to talk about it, but hacking is a fact of life in our online world, especially with millions of websites using freely available software. It is a blessing and a curse to have such good quality software so cheap, so we just need to be vigilant and keep it updated and monitor it 24/7.