Is Your WordPress Website Secure?
Like any other website platform and content management system, WordPress is vulnerable to hackers, malware and other security threats. Over the past few weeks, a malware campaign has been targeting WordPress sites and placing their visitors at risk. If you haven’t already, you should check with your website maintenance team and see if your site has been compromised. If it has, they’ll need to take steps to address the problem. If it hasn’t, they should take extra precautions to keep the site safe.
Read on to learn more about the latest malware attacks and WordPress website security.
Debunking the 5 Big Myths About WordPress. The Huffington Post: “Myth No. 2: WordPress isn’t secure. With over 60 million websites, this system is certainly targeted by hackers. The vast majority get blocked. WordPress comes with robust security plugins, which are particularly useful for sites hosting ecommerce or other sensitive client information. And those plugins, along with other security measures, are only getting stronger. Last month’s update, for example, includes enhanced password security features. Password reset links will now only stay live for a limited time and passwords themselves will never end up in inboxes — a feeding ground for hackers. WordPress will even advise individual users on the safest possible password. And even those scant few successful breaches don’t mean WordPress is any less secure than rival platforms. The websites of CitiGroup, Google, and Zappos don’t run on WordPress and have also been hacked or attacked. Regular, common-sense precautions — like avoiding ‘password’ as your password — will protect average users from any shenanigans.”
Active WordPress Malware Campaign Compromises Thousands of Websites. ZDNet: “A new, active malware campaign has compromised thousands of WordPress websites in a matter of days, placing visitors at risk. The new campaign, detected by SucuriLabs, began 15 days ago but the rate of compromised websites has spiked in the last few days, according to the security firm’s CTO Daniel Cid. From the 15th to 17th of this month, the rate of infection has surged from 1,000 compromised websites a day to approximately 6,000 — and we are yet to see if this uptake slows down. The hijacked websites are being compromised with the ‘visitorTracker_isMob’ malware which redirects as many visitors as possible to a landing page infected with a Nuclear Exploit Kit. The landing page is constantly changed but contains the same exploit.”
Hijacked WordPress Websites Infect Visitors With Malware. Hacked: “The attackers, according to the report by Sucuri, exploit vulnerabilities in the plugins of WordPress, but this claim has not been confirmed.
‘Out of all the sites we detected to be compromised, 17 [percent] of them already got blacklisted by Google and other popular blacklists,’ the post said. ‘If you are a WordPress user, make sure you keep all your plugins updated, including premium ones.’”
My WordPress Website Was Hacked; How Do I Fix It? PostCrescent.com: “However, local website developers are frequently contacted by companies who need assistance because their WordPress website was hacked. Typical symptoms are: The WordPress website is not showing up. Text and links have been maliciously added or the content has been replaced on the website. The home page is now redirected to a page announcing to the world that the site is hacked. Phishing/pharming pages have been installed into the website. Before you make that reactionary phone call to your hosting provider, we recommend you follow these steps. If you do a restore from backups prior to doing your homework, you may remove the evidence you need to track down the source of the compromise. This could lead to your site being compromised again.”