Today was not a great day for one of our clients who woke up to discover that his Word Press site had been hacked. The hacker was able to access the site and change the file permissions in the back end of the site which immediately locked out the legitimate site owner from making any changes to the site.
To say he was upset is to put it very lightly. His entire livelihood for several years has been dependent upon the results from his website. Since his site was an older version of Word Press, this created a perfect storm and hackers took advantage. It will take us unnecessary time to re-design and publish his site. This not only requires us to make time on an emergency basis, but also causes our client to worry about new costs.
Older sites are often targeted by hackers. We suggest that our clients update their entire Word Press sites every two years and update the software regularly as new versions become available. This does help and makes it more difficult for the hacker to gain access to the site. However, no matter how diligent our clients are in updating their sites, there will always be some determined hacker who seems to delight in finding a way into the site. Our job is to make it as difficult as possible for this “black hat” individual bent on causing havoc.
Default user names and passwords:
One of the ways you can safeguard your site is to change all default passwords and delete unused plug-ins. Go through your files and look for old plug-ins and default information you may be storing. Change your passwords regularly and keep the software updated. If you are not an Admin on your site it is a good idea to pay the webmaster to keep your Word Press site updated and further to add newly developed security software.
Vulnerability is found with some of the most popular plugins. Some allow clients to track visitors, analyze email campaigns, etc. If the hacker gets into the system they can read sensitive information, and in a worse case scenario actually take over the Word Press site.
Using a plug-in to break into the site:
A hacker can easily determine the year when the site was created which is most likely the year that the plug-in was installed. Once this is determined he is well on the way to breaking the code and hacking the site. A Sucuri senior staff member reported that this can be done in ten minutes (not good news for those of us that are struggling to keep the site safe from intruders). One of the companies offering hosting which includes regular backups is “Synthesis.” They offer a few tips for updating and securing the Word Press site. There is a cost however for this service. This cost may be minimal when you consider the damage and cost involved in re-creating the site and having to hire a programmer to fix the damage.
We understand that business owners seldom have free time and are busy in their daily lives. Keeping the Word Press site updated is the responsibility of every site owner and there are options if you don’t have the time to accomplish your own back up. As software upgrades are available, they should be implemented in a timely manner. Word Press updates should not be ignored.
Hurry back for more from the Design Wizards.