Keeping clients' computers safe and profitable for over 30 years



WordPress Security Issues

There is an idea that cool tools are out on the web that allow you to create neat-looking websites quickly and easily. Many of these tools are being peddled to unsuspecting small business owners. This is fine, as long as you don't expect to create the website and then leave it alone for a few years without constant maintenance. That notion can lead to disaster.

I recently attempted to share a link to a friend's website, but when I tested it, I ended up in a miscreant's lair. The link from his LinkedIn page did the same thing. His email also failed. I called him. His website had been hacked. He got it fixed in a couple of hours and I got this email back from him.
My web guy confirmed that the site got hacked due to not routinely applying updates. He will start doing that (My fault for not paying attention to this!).

It is now fixed.
Thanks Again!

I decided this was worth an article. There are two lessons here:
  • Websites must be maintained
  • We need a "web guy".

The site was built with WordPress, using some scripts and themes and tools that eventually developed security holes. But no one was being paid to watch out for this and update those themes and scripts when problems were found and corrected. A "Web Guy" needs to do this and get paid for it.

Someone must be checking the themes and tools used on a site to see whether security flaws have been found in those tools and fixes posted. If so, the fixes must be tested to make sure they don't break your site. Someone must be responsible for this.
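One way to automate the first half of that check, as an added example that is not part of the original article: it reads the name and version WordPress stores in each theme's style.css and each plugin's PHP header, and flags anything older than the release that contains a fix. The component names, versions and the FIXED_IN list are constructed for illustration; a real list would come from the vendor's or a security provider's advisories.

```python
import re
import tempfile
from pathlib import Path

# Header fields WordPress reads from a theme's style.css or a plugin's main PHP file.
HEADER_RE = re.compile(r"^[ \t/*#]*(Theme Name|Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.I | re.M)

def read_header(path):
    """Return (name, version) from the header comment; either may be None."""
    text = Path(path).read_text(errors="replace")[:8192]  # header sits at the top of the file
    fields = {key.lower(): value for key, value in HEADER_RE.findall(text)}
    return fields.get("theme name") or fields.get("plugin name"), fields.get("version")

def vkey(version):
    """Turn '1.10.0' into (1, 10) so 1.10 sorts after 1.9 and 2.0 equals 2.0.0."""
    return tuple(int(p) for p in re.sub(r"(\.0+)+$", "", version).split(".") if p.isdigit())

def outdated(wp_content, fixed_in):
    """List (name, installed, fixed) for components older than their fixed release."""
    root = Path(wp_content)
    files = sorted(root.glob("themes/*/style.css")) + sorted(root.glob("plugins/*/*.php"))
    findings = []
    for path in files:
        name, version = read_header(path)
        # A missing Version header cannot be cleared, so it is reported for manual review.
        if name in fixed_in and (version is None or vkey(version) < vkey(fixed_in[name])):
            findings.append((name, version or "unknown", fixed_in[name]))
    return findings

def build_sample(root):
    """Constructed wp-content tree: names and versions are invented for this example."""
    samples = {
        "themes/shopfront/style.css": "/*\nTheme Name: Shopfront\nVersion: 1.9.2\n*/\n",
        "themes/plain/style.css": "/*\nTheme Name: Plain\nVersion: 2.0\n*/\n",
        "plugins/contact-box/contact-box.php": "<?php\n/*\n * Plugin Name: Contact Box\n */\n",
    }
    for rel, body in samples.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)

# Constructed advisory list: component name -> first release containing the security fix.
FIXED_IN = {"Shopfront": "1.10", "Plain": "2.0.0", "Contact Box": "3.1"}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(outdated(tmp, FIXED_IN))
```

A report like this only says what needs updating; the updates themselves still have to be tried on a copy of the site before they go live.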

A fully custom site will cost more to build, but will normally be less vulnerable to attack. This is because an attacker must go after that site's own code directly. 1 attack. 1 target. However, a WordPress theme with a million users can provide a million targets if one hole is found. 1 attack. 1,000,000 targets.

Because WordPress is the number one site building tool, it is the number one target. This isn't just a WordPress issue; it is an issue for anyone who uses a web design system (like WordPress) to create their website.

Wordfence is a company that provides security for WordPress sites. Over 500,000 of their customers are attacked each week with about 16 million attacks originating from over 70,000 separate IP addresses. This is very common and a real problem. You do not want your site taken over, or malware installed on your site and infecting your clients.

You should also be checking your site for bad links or information that is out of date. There are no free lunches.

Further reading

A Wordfence blog post from August 2016 showing the top 20 attacked WordPress themes and other information.

Date: September 2016

Creative Commons License
This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.
