WordPress is the most popular CMS (Content Management System) out there. According to Tyton Media, WordPress accounts for almost 27% of all websites. That's a huge percentage, but not remotely surprising. WordPress is an extremely flexible system. What started out as a simple blogging platform can now be used as the base for any type of website, whether it's a small landing page or a large ecommerce website. A WordPress website can be created with little or even no coding experience.
But that's where the issues lie. A system which accounts for such a large proportion of the internet and can be implemented by people with no technical knowledge is the perfect target for hackers. In one move they can have control of more than 1/4 of all websites on the internet and pump their illegal content out to the world.
Does this mean we shouldn’t use WordPress?
No, WordPress is a great system with an amazing community, and it powers some of the most well-known websites out there.
To counteract the threat from hackers, the WordPress core and all plugins have regular updates released. Sometimes these include new features, but the main aim is to close up any loopholes and back doors that hackers may have found.
Unfortunately, only around 40% of WordPress websites are kept up to date, which means a whopping 60% are just sitting and waiting to be hacked. That's an estimated 162,000,000 websites.
It will never happen to me though... right?
The chances are, you wouldn’t even know if it had. A large number of WordPress hacks consist of hidden files which are linked to from spam emails and social media posts. These files are then used to steal the personal data of unsuspecting people who click the links. This all happens on your server, in the name of your business.
Some hacks aren’t so discreet. Recently, a large law firm we were doing some work for was hit by a hack. This time, the hacker replaced all of the content on their website with links to pages selling Viagra. They took control of the website, and made it impossible for someone with no experience to remove the hack. They also changed description tags, so the search results and any links shared to social media all featured the same content.
Luckily we were able to catch and remove the rogue code quickly, before any real damage was done.
What can I do to prevent this happening to my business?
It is extremely important that you ensure your WordPress installation and any plugins used on the website are kept up to date at all times. But this isn’t always 100% effective. There is a lead time between the hacks being uncovered and the fix being implemented, so the damage may already be done.
If your website hasn’t been updated in a while, you will need to have a security scan carried out. This will help to detect any unusual files which may have been placed on your website. These files can then be removed.
Once any files have been removed, your website should be placed behind a firewall. This will help to block all potential threats by blocking the IP addresses of any known hackers and monitoring the website 24/7 for any unusual activity. This includes any repeated failed login attempts, or files being placed on the server.
If you have any concerns that your website may not be secure, contact us. We can help to remove any existing hacks and put the necessary preventative measures in place to ensure your website remains secure and in your control.