WordPress is a great tool for building websites, but it is also a common target for hackers because not all WordPress users keep their WordPress software, plugins and themes up to date. This is especially the case with “day-zero” expoits where hackers target sites as soon as an exploit is made public and where users haven’t updated their software yet.
This week we saw out-of-date plugins on two sites being exploited by hackers because the users hadn’t kept their sites updated.
Fortunately our security systems alerted us and we were able to close the sites down quickly before any damage was done. We’ve since updated the plugins for our customers and cleaned up their sites.
We can’t stress hard enough how important it is that everyone keeps their site software up to date. There is no excuse for not doing so. And with WordPress 5.5 you can even set things up so that all themes and plugins get updated automatically as updates become available. See the following link for more details:
We also recommend customers use some sort of security plugin to help protect their sites and to alert them when their plugins are out of date. When we set up sites for customers we install WordFence and iThemes security for them. These can then be customised by the user to give them the level of security they want, and allow them to get alerts. (The above two sites did not appear to have any security plugins installed.)
Please check your site now and get everything up to date, and if necessary install some security plugins. Next time it could be you!
If you have any questions on the above, or need advice about your site’s security, please email [email protected] and we’ll try to help.