Is it just me, or are there a lot more websites getting hacked these days?
WordPress is the world’s most popular CMS software, and it powers around 35% of all websites on the internet, but this means it is a popular target with hackers.
Data shows that at least 30,823 out of 42,106 identified WordPress websites have exploitable vulnerabilities. This means that 73.2% of the most popular WordPress installations are vulnerable, making WordPress security very important.
Here is a quick look at some of the latest vulnerable WordPress plugins:

Real world examples
This month I have fixed two websites that had unfortunately been hacked.
Case One
This website was very old. It was built in 2013 and basically had no updates since. Although the website was still working ok, it was very slow and had been hacked.
Once the infected files had been identified and removed, it was a case of making the website secure so that it wasn’t hacked again.
This is easier said than done when it comes to very old sites. Updating old sites often means updating WordPress between major releases, e.g. WordPress 4 to WordPress 5. Often the theme the website is built on is also horribly out of date, so that needs to be updated too (custom website anyone?).
Thankfully this website was very basic and only used a couple of plugins. The plugins updated ok, as well as WordPress. I was then able to update PHP from an old, vulnerable 5.6 version to 7.4.
The theme, however, had been modified by the developer rather than using a child theme, so I could not update that.
The other issue with this site was that it wasn’t https. It had a secure certificate installed, but the secure cert had expired. Once I sorted out a new secure certificate I was able to update the website to https.
The final steps were to reset all user passwords and install a trusted WordPress security plugin.
Case Two
Unlike case one, you could tell this website had been hacked. When logging into the dashboard, the dashboard appeared like this:

The website was a recent build, but the developer was based overseas (go local NZ), and was no longer maintaining the site. I managed to remove all the infected files but ended up having to replace both the wp-admin and wp-includes directories. This fixed the dashboard issue, so I was able to log in and update the plugins and WordPress to the latest versions.
Again, all the user passwords were reset and a security plugin installed.
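The check behind Case Two, as an added example that is not the author's own tooling: before replacing wp-admin and wp-includes, compare them with an unpacked clean copy of the same WordPress release to see which core files were altered, added or removed. The function names and the demo files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

CORE_DIRS = ("wp-admin", "wp-includes")  # the two directories replaced in Case Two

def file_hashes(root: Path, subdir: str) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    base = root / subdir
    if not base.is_dir():
        return {}
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(base.rglob("*")) if p.is_file()
    }

def compare_core(site: Path, clean: Path) -> dict[str, list[str]]:
    """Compare a site's core directories with a clean copy of the same release."""
    report = {"modified": [], "unexpected": [], "missing": []}
    for subdir in CORE_DIRS:
        live, ref = file_hashes(site, subdir), file_hashes(clean, subdir)
        for path in sorted(live.keys() | ref.keys()):
            if path not in ref:
                report["unexpected"].append(path)  # not shipped in core: review it
            elif path not in live:
                report["missing"].append(path)     # core file deleted from the site
            elif live[path] != ref[path]:
                report["modified"].append(path)    # core file changed on disk
    return report

def demo() -> dict[str, list[str]]:
    """Build two small constructed trees (not real WordPress files) and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        site, clean = Path(tmp, "site"), Path(tmp, "clean")
        shipped = {"wp-admin/index.php": "<?php // admin",
                   "wp-includes/version.php": "<?php // version",
                   "wp-includes/load.php": "<?php // load"}
        for root in (site, clean):
            for rel, body in shipped.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_text(body)
        (site / "wp-includes/load.php").write_text("<?php // load, altered")
        (site / "wp-admin/extra.php").write_text("<?php // not in the release")
        (site / "wp-includes/version.php").unlink()
        return compare_core(site, clean)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

This only covers the two core directories; themes, plugins and uploads under wp-content are not part of a core release and need their own review.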
Damage to your website
Apart from affecting your website’s performance and functionality, a hacker can steal user information, passwords and even distribute malware to your users.
Furthermore, Google can blacklist your website, resulting in a sharp decline in website traffic.

Keeping your Website safe
The best way to keep your website safe is to use a managed WordPress hosting service, just like the one A-Z Web Solutions offers. A managed hosting service means the hosting company will offer automatic WordPress updates, automatic backups, and advanced security configurations to protect your website.
You can do your bit too, by making sure you use a strong and secure password.

A-Z Web Solutions is here to help
If you are concerned your website might be vulnerable, or want to put security measures in place now, get hold of Aaron. When it comes to WordPress security, he’s got you covered from A-Z.
