“Defacements don’t offer economic returns, so that will likely die soon. What will remain are attempts to execute commands (RCE) as it gives the attackers full control of a site – and offers multiple ways to monetize – and SPAM SEO / affiliate link / ad injections,” – Sucuri wrote Thursday.
Last week, a lot of online news sites like the BBC, and even security sites like Sucuri, wrote about WordPress sites being hacked and even defaced. We had our share of repairing sites that came our way. Experts say a content injection vulnerability disclosed last week in WordPress 4.7.2 has been exploited to deface 1.5 million websites.
WordFence’s Chief Executive Officer said researchers saw the biggest spike in attacks on Tuesday last week, when the company blocked roughly 13,000 attacks from 20 different campaigns.
Most of these hacks were due to sites not being updated to the latest version of WordPress.
What does this all mean?
First off, we love helping clients fix hacked sites, but what we really want is for everyone to have a better overall WordPress experience. It’s a good reminder to check some basics on your website.
- Is your site up to date with WordPress version 4.7.2?
- Backup, Backup, Backup… Do you have a daily backup of the site?
- Do you have any sort of security or firewall plugin?
- Again, is your site backed up?
If your business relies on your website to be a face of your company, your 24-hour employee, then what’s the current disaster plan if the website were to go down? Believe it or not, this is when people contact us. They can’t find their web person, they don’t know who is hosting the site, or where the logins are. Rule of thumb: when your house is on fire, that isn’t the time to be digging around for the insurance person’s phone number.
It’s a good time to email your web person and just ask the basics and what kind of backup solution you have for getting your site back online.