Wordpress Security issues

There is an idea that cool tools are out on the web that allow you to create neat looking websites quickly and easily. Many of these tools are being peddled to unsuspecting small business owners. This is fine, as long as you don't expect that you can create the website and then leave it alone for a few years without constant maintenance. That notion can lead to disaster.

I recently attempted share a link to a friend's website, but when I tested it, I ended up in a miscreant's lair. The link from his Linked-in page did the same thing. His email also failed. I called him. His website had been hacked. He got it fixed in a couple of hours and I got this email back from him.

My web guy confirmed that the site got hacked due to not routinely applying updates. He will start doing that (My fault for not paying attention to this!).

It is now fixed.
Thanks Again!

I decided this was worth an article. There are two lessons here:

Websites must be maintained
We need a "web guy".

The site was built with WordPress, using some scripts and themes and tools that eventually developed security holes. But, no one was being paid to watch out for this and update those themes and scripts when problems were found and corrected. A "Web Guy" needs to do this and get paid for it.

Someone must be checking the themes and tools used on a site and see whether security flaws are found in those tools and fixes posted. If so, they must be tested to make sure they don't break your site. Someone must be responsible for this.

A fully custom site will cost more to build, but will normally be less vulnerable to attack. This is because it must be attacked directly against the code there. 1 attack. 1 target. However, a WordPress theme with a million users, can provide a million targets if one hole is found. 1 attack. 1,000,000 targets.

Because WordPress is the number one site building tool, it is the number one target. This isn't just a WordPress issue, it is an issue for anyone who uses some web design system (like WordPress) to create their website.

WordFence is a company that provides security for WordPress sites. Over 500,000 of their customers are attacked each week with about 16 million attacks originating from over 70,000 separate IP addresses. This is very common and a real problem. You do not want your site taken over, or malware installed on your site and infecting your clients.

You should also be checking your site for bad links or information that is out of date. There are no free lunches.

Keeping clients' computers safe and profitable for over 30 years

Home Forms About Current Newsletter subscribe Search All Articles Browse by Category Security Internet Mobile Business Hardware Fun		Wordpress Security issues There is an idea that cool tools are out on the web that allow you to create neat looking websites quickly and easily. Many of these tools are being peddled to unsuspecting small business owners. This is fine, as long as you don't expect that you can create the website and then leave it alone for a few years without constant maintenance. That notion can lead to disaster. I recently attempted share a link to a friend's website, but when I tested it, I ended up in a miscreant's lair. The link from his Linked-in page did the same thing. His email also failed. I called him. His website had been hacked. He got it fixed in a couple of hours and I got this email back from him. My web guy confirmed that the site got hacked due to not routinely applying updates. He will start doing that (My fault for not paying attention to this!). It is now fixed. Thanks Again! I decided this was worth an article. There are two lessons here: Websites must be maintained We need a "web guy". The site was built with WordPress, using some scripts and themes and tools that eventually developed security holes. But, no one was being paid to watch out for this and update those themes and scripts when problems were found and corrected. A "Web Guy" needs to do this and get paid for it. Someone must be checking the themes and tools used on a site and see whether security flaws are found in those tools and fixes posted. If so, they must be tested to make sure they don't break your site. Someone must be responsible for this. A fully custom site will cost more to build, but will normally be less vulnerable to attack. This is because it must be attacked directly against the code there. 1 attack. 1 target. However, a WordPress theme with a million users, can provide a million targets if one hole is found. 1 attack. 1,000,000 targets. Because WordPress is the number one site building tool, it is the number one target. This isn't just a WordPress issue, it is an issue for anyone who uses some web design system (like WordPress) to create their website. WordFence is a company that provides security for WordPress sites. Over 500,000 of their customers are attacked each week with about 16 million attacks originating from over 70,000 separate IP addresses. This is very common and a real problem. You do not want your site taken over, or malware installed on your site and infecting your clients. You should also be checking your site for bad links or information that is out of date. There are no free lunches. Further reading A Wordfence blog post from August 2016 showing the top 20 attacked Wordpress themes and other information. Date: September 2016 This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.
		I attempt to provide reliable information, but make no warranty as to the accuracy or safety of these articles. I disclaim all legal responsibility for what following these instructions may do. Follow my advice at your own risk

Keeping clients' computers safe and profitable for over 30 years

Wordpress Security issues

Further reading