If you have not updated your WordPress website and all plugins in the past 30 days, then update them today. Let me repeat myself… update them today! If not, you are playing Russian Roulette with the success of your website. We have seen a sudden increase in websites being compromised and in jeopardy of being turned off.
Just to clarify, when a hosting provider finds a website on its server that is causing problems by sending spam, serving malware or carrying out other malicious activity, they typically request that you correct the issue or they will be forced to turn off the site. While this message is aimed at our clients, it applies to anyone using WordPress.
We have always stressed to our clients the importance of WordPress Maintenance in order to keep “bad” things from happening to it. As mentioned, hosting providers will be forced to turn your website off until the site is cleaned. Google will warn you, then possibly remove your website from their search results if it contains malicious scripts.
… Safe Browsing shows people more than 5 million warnings per day for all sorts of malicious sites and unwanted software, and discovers more than 50,000 malware sites and more than 90,000 phishing sites every month.
WordPress Maintenance Packages
Over the years, we’ve helped thousands of clients launch their real estate WordPress sites. In that time, we’ve seen only a handful of sites compromised. In every single case, the breach was due to poor security practices: using “admin” as a username, choosing a simple password, and failing to keep the site and its plugins updated.
Realizing that many clients lacked the time for regular maintenance, we introduced our WordPress Maintenance packages. For those who prefer a hands-on approach, we also created a step-by-step tutorial. Securing your site isn’t difficult and doesn’t take long, but it does require discipline.
We protect our clients by performing complete nightly backups, implementing secure passwords, and installing premium security plugins. These licensed tools offer the best in support, performance, and security, making your site significantly more robust than a default WordPress installation.
For clients we don’t manage, we have seen nearly 100+ sites compromised because WordPress or its plugins weren’t updated.
Additional Steps to Help Protect Yourself
In light of some recent vulnerabilities, we believe updating plugins and WordPress 4-6 times per year alone may not be enough. Don’t get me wrong… if updated properly, the vast majority of sites are secure. But please remember, nothing is 100% safe, so it is important to take reasonable precautions.
As longtime fans of Sucuri’s Anti-Virus / Malware Removal service (the leader in helping get infected sites back to a healthy state), we started using their Firewall service as an added layer of protection. The Firewall service blocks malicious attempts before they even get to your website. So even if you have a plugin that is vulnerable, there is a great chance that Sucuri will protect you until you can get it updated. As of today, none of our clients that have been using the Firewall service have been infected.
In light of these recent events, we have decided to update our company policy and at a minimum, urge all clients to get Sucuri’s Firewall service. Their service is only $10/mo and will help protect your site from getting compromised as well as offering performance optimization (making it faster, by as much as 50% in some cases). In a time when Google values fast sites, this feature alone is worth the $10 in my opinion.
I could go on about how great I believe Sucuri’s service is…but I thought I would simply share their video with you here as I think they do a great job making this easy to understand.
Want to see if anyone has tried to log in to your site and guess your password? On many of our newer sites, you can log in to your WordPress Dashboard, go to Settings > Limit Login Attempts, and look at the number of times someone has tried to log in to your site and been locked out. If you don’t have the plugin installed, contact us for assistance and we can do it for you.
If you would like to add the Sucuri Firewall service, please contact us for details by emailing support. For more information on our WordPress Maintenance packages visit WordPress Maintenance Add-on.
