Five of my WordPress clients’ sites were hacked last weekend. Their sites had to be taken down until I could fix the security breach.

Most of these clients were not being negligent and ignoring their core, theme and plugin updates; they were checking frequently in the WordPress dashboard and making the updates.

The problem was that one of the plugins they were using did not notify them that an update was available. This plugin had been included with their theme. A web designer had built their site using a premium theme that included the plugin. Neither the theme nor the plugin goes through WordPress.org to notify users about updates.

So, the users thought their sites were secure. So did I. I didn’t realize that the theme and plugin needed an update. And, they were broken into and had to come down until I could fix the problem.

What, exactly, the hackers wanted is still a mystery. They installed scripts on the site, but I’m not sure what purpose those scripts served. One of the sites was hijacked, meaning that the site was redirecting to another site. So, anyone coming to the site expecting my client’s site was redirected to another site, which completely bypassed my client’s site.

This was effective in stealing all the traffic my client was getting to their site. Not a good thing.

I had to reinstall everything on the site because once it’s hacked we aren’t sure if any of the other files have been compromised. I installed the updates to the plugin and theme by hand and now they are back up and running. I had to make some changes to some of the files for the updates, so it wasn’t a simple process, but it wasn’t impossible either.

Four of the five clients were being protected by my WordPress Updates and Security package, so the fix didn’t cost them anything. The other client had a bit of an expense. However, she decided to sign up for the security package after the break-in so she would be covered next time.

That was last week. Yesterday another client was hacked. Her site is also being hijacked and she is losing all her traffic to another site. Unfortunately, her site is hosted by a company that does not perform regular malware or virus scans to check for such attempts. Her site goes down a lot – probably because other sites on her shared hosting server have been broken into and brought the server down.

It’s a dangerous world out there. How safe are your websites? WordPress is open source. Most of the plugins and themes are open source. This means that anyone can see the code and figure out how to break in. How well are you being protected?

My 5 clients were my hosting clients. I found their sites were hacked through a routine malware check. My client on the other hosting is paying for my WordPress security and updates package, which is why I found her problem. Otherwise, she may not have known until she just happened to go check out her site.

Is your site being monitored? Is someone checking to make sure your site is healthy and safe? Do you know when your site is down? How much business are you losing when your site is down or broken?

I would love to help protect and monitor your site. I have affordable support and security packages that include free hosting because it’s much easier for me to protect your site on my hosting where I have more control.

Believe me, when you sign up for my service, I have a vested interest in keeping your site secure. I don’t like spending my time fixing your site after a break-in. Especially not during Thanksgiving weekend.

If you have a WordPress website, you must be concerned about its security. How much did you invest in your WordPress site? You should protect that investment.

Or you can pay me to fix it when someone breaks in. 🙂
