In September a large number of WordPress sites were hacked in their thousands. Why and how they were hacked raises interesting points on how careful one should be when purchasing a WordPress theme or using a plugin. Additionally and more importantly the hack outlines how critically important it is to maintain and properly administer a WordPress site.
Origin of the hack — Slider Revolution
A vulnerability in Slider Revolution, one of the most popular WordPress slider plugins, was recently targeted by a number of hackers. Slider Revolution is a useful, well coded and extremely powerful plugin that is regularly updated. The vulnerability that was exploited was actually discovered, fixed and patched in version 4.2 months ago.
So why then was this such a big and successful target for attack?
2 reasons — first and most importantly site owners did not maintain or backup their sites properly.
Many themes have Slider Revolution built in to the theme’s code rather than adding the plugin as a proper external plugin. This means that the WordPress updater is not aware of the plugin and does not ask for it to be updated. The only way to update the plugin is to update the entire theme — which in itself is relatively simple. However the majority of theme authors do not update the code to their themes regularly (and in the case of free themes sometimes they do not get updated at all). This causes a massive problem by making the built in plugins extremely outdated and results in large security holes opening the site for attack by hackers. More information about this topic can be seen here: http://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html
There are an overwhelming number of free and premium WordPress themes to chose from. And selecting what you think is a good, clean theme rather than having one built for you from scratch can have unforeseen consequences. The initial expense of the site might be a bit more expensive but it will work out much cheaper in the long run.
Being Prepared — Maintain, Update, Upgrade
It is vitally important that a WordPress site be updated as often as possible. Updates or new versions of WordPress are released regularly which patches the underlying system. Besides the potential security vulnerabilities that crop up from time to time, it is important to update your site to keep up with the rapid way in which web browsers are updated.
- Backup your site!
- Update your sites plugins at least once a week
- Update WordPress to the latest version as soon as it is available
And most importantly — Backup!
Backup your WordPress site at least once a week and keep up to 8 backups before overwriting the old ones. If your site is hacked or the site breaks for some reason you have a few backups in place to restore the site to working order very quickly. If you do not backup and something does go amiss you will need a web developer to fix things for you. In extreme cases it might result in the entire web site having to be redone from scratch. This is a needlessly costly exercise that can easily be avoided.
Let us maintain your site for you
For peace of mind we can handle your web site’s maintenance for you. For only R350.00 per month we will provide you with the following service.
- Weekly updated to plugins
- Weekly updates to WordPress as and when they become available
- Weekly or daily backups with 1 month’s retention.