FBI warns, WordPress sites are a target for malicious code and hackers

This is not a joke, but a serious warning for persons with WordPress sites that are not being managed well.

Like many modern software packages, WordPress is updated regularly to address new security issues as they arise. However, some websites do not allow automatic updates, or are not checked often for necessary updates, and are left running old, potentially vulnerable versions.

WordPress hacking is not new. Today’s websites need to be more than just a pretty face. They need to be secure for the visitors. WordPress is attractive to hackers simply by virtue of being so popular.

Studies show that over 60% of websites are built on a WordPress platform, and less than half of those are updated on any regular basis. Not only is it bad for marketing to have an old website, it is a security breach waiting to happen.

You need to know.

If you delegate the management of your website to a company or person outside of your organization, you may not be aware of how much protection you need, and whether you are getting it. If you work on a WordPress platform, you are aware of how many times a plug-in or theme needs an update. If you are running security software on your site, you may also see how many times an attempted hack has been thwarted. If you are not running security software on your site, you are simply opening yourself up to trouble.

You are not too small to be hacked

Although you may think your site is too small or not important enough to hackers to be a target, you could find that some hackers get a kick out of hacking small sites for practice, fun and bragging rights. If you are hacked, it is disruptive and often costly in terms of lost business revenue and expenditures on technical services to repair infected computer systems. Keeping your site secure may seem complex and tedious; however, it is critically important.

The solution:

  1. Check your site daily and update themes, plug-ins and software.
  2. Use an administrative log-in other than “Admin”.
  3. Use strong passwords and change them often.
  4. Install and keep updated security software on your computer and your website.
  5. Use a plug-in that limits the number of log-in attempts.
  6. Keep all your plug-ins updated.
  7. Be proactive about protecting your website.
  8. Use a security software/plug-in that alerts you when someone attempts to hack your site.
  9. Make sure the computers you use are free of spyware, malware, and virus infections.
  10. Always keep your operating system and the software on it, especially your web browser, up to date to protect you from security vulnerabilities.
  11. Make sure you are running secure, stable versions of your web server and the software on it.
  12. Update the firewall rules on your home router.
  13. Be careful about what networks you work from, i.e., free Wi-Fi is NOT secure and neither are the passwords you use when on these free networks.
  14. Work with a competent internet management person or firm who will stay on top of all this for you.

eCommerce sites need to be extra aware of potential hacks, so as not to lose customers and/or revenue.

Two recent vulnerabilities in shopping cart plugins/software were reported: X-Cart contains multiple vulnerabilities. Read the alert here. In March a serious SQL injection vulnerability was discovered in WooCommerce. If you use WooCommerce, it should be updated ASAP.

A strong recommendation: eCommerce sites should follow PCI compliance and always use HTTPS, regardless of how many products you sell and regardless of whether you are using a plug-in or special links directly to your payment processor.

If you don’t know the status of the internal workings and code of your website, now is the time! Either consult with your webmaster for a full report, get educated and check for yourself, or seek a consultation with a person or firm that can help you.

FYI: the link to the FBI press release: http://1.usa.gov/1NUgobq
