WordPress provides the foundation framework for many websites to publish text, image, and video content to the World Wide Web. It’s an easy platform for people to start their business on, which is why more than 32% of websites on the internet now run on WordPress.

WordPress has always been an attractive target for hackers and other forms of cybercrime. That is one of several reasons I STRESS to my clients to be sure to do backups, as well as make sure they have their themes and plugins up to date at all times. NOT to mention the MESS that can happen on a website should you decide not to stay updated on your plugins. If you let them go too long, and too many updates have happened and you have not taken the time to update, this could lead to your site breaking as well! It could take a developer hours to figure out what broke your website!

In this article, we will discuss the most common ways in which WordPress sites are compromised, and what you need to do NOW to protect your business!

Command Injection

WordPress operates on three primary layers: the application server, the web server and the database server. Each of these layers runs on hardware with a specific operating system, such as MS Windows or open source Linux, and that is a potentially vulnerable area for attack. In a command injection attack, a hacker enters malicious information in a text field or URL, similar to SQL injection, except that the input ends up being run as a command by the operating system.

Certain internet-connected cameras have been found to be especially vulnerable to command injection attacks. Their firmware can improperly expose system configuration to outside users when a rogue command is issued.

Cross-site Scripting

Cross-site scripting, also known as XSS, targets the JavaScript elements on a webpage instead of the database behind the application. With this, the hacker adds JavaScript code to a website through a comment field or other text input. That malicious script then runs when users visit the page, and those visitors’ private information is compromised. The rogue JavaScript will typically redirect users to a fraudulent website that will attempt to steal their credentials and other identifying data.
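Here is how a comment can be rendered so that script placed in any of its fields is shown as text instead of being run. This is an added example, not code from this article or from WordPress; the function names and sample comments are made up for illustration (WordPress ships its own helpers for the same job: esc_html(), esc_attr() and esc_url()).

```php
<?php
// Added example; function names and sample comments are constructed.

/** Escape text for an HTML element body or a quoted attribute value. */
function e(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Accept only http(s) links; any other scheme (e.g. javascript:) is dropped. */
function safe_url(string $url): ?string
{
    $url = trim($url);
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return null;
    }
    return $url;
}

/** Render one visitor comment as HTML, escaping at the point of output. */
function render_comment(string $author, string $website, string $body): string
{
    $name = e($author);
    $url = safe_url($website);
    if ($url !== null) {
        // The link is only built for an allowed scheme, and is still escaped.
        $name = '<a rel="nofollow ugc" href="' . e($url) . '">' . $name . '</a>';
    }
    return '<article class="comment"><h4>' . $name . '</h4><p>'
        . nl2br(e($body)) . '</p></article>';
}

// Constructed comments: one ordinary, one carrying script in every field.
$comments = [
    ['Ann', 'https://example.com/', "Great post!\nThanks."],
    ['<img src=x onerror=alert(1)>', 'javascript:alert(1)', '<script>alert(1)</script>'],
];
foreach ($comments as [$author, $website, $body]) {
    echo render_comment($author, $website, $body), "\n";
}
```

The second comment comes out with its tags turned into harmless text and with no link at all, because its website field does not use http or https.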

File Inclusion

Common web coding languages like PHP and Java allow programmers to refer to external files and scripts from within their code. The “include” command is the generic name for this type of activity.

In certain situations, a hacker can manipulate a website’s URL to compromise the “include” section of the code and gain access to other parts of the application server. Certain plug-ins for the WordPress platform have been found to be vulnerable to file inclusion attacks. When such hacks occur, the infiltrator can gain access to all data on the primary application server.
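The weak pattern and a safer replacement look like this in PHP. This is an added example, not code from this article or from any WordPress plugin; the function name, template directory and request values are assumptions made for illustration.

```php
<?php
// Added example; the directory, template names and request values are constructed.
// Vulnerable pattern (left as a comment so it never runs): the URL
// parameter is used directly as a file path.
//   include $_GET['page'] . '.php';

/** Map a requested page name to a file inside $baseDir, or null if refused. */
function resolve_template(string $requested, string $baseDir, array $allowed): ?string
{
    // 1. Allow-list: only page names the site actually ships are accepted.
    if (!in_array($requested, $allowed, true)) {
        return null;
    }
    // 2. Defense in depth: the resolved file must exist and stay in $baseDir.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a throwaway template directory with one real template.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'tpl_demo_' . getmypid();
mkdir($dir);
$tpl = $dir . DIRECTORY_SEPARATOR . 'about.php';
file_put_contents($tpl, "<?php echo 'About page';\n");

$allowed = ['about', 'contact'];
// Constructed request values: one legitimate, one allowed but missing,
// and two manipulated ones that try to leave the template directory.
$samples = ['about', 'contact', '../../wp-config', 'http://example.invalid/x'];
foreach ($samples as $page) {
    $file = resolve_template($page, $dir, $allowed);
    $result = $file === null ? 'rejected' : 'would include ' . basename($file);
    printf("%-28s => %s\n", $page, $result);
}

unlink($tpl);
rmdir($dir);
```

Only the first request resolves to a file. Everything else is refused before any include could happen, either because the name is not on the list or because the file does not exist inside the template directory.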

Malware

Certain malicious code can be inserted into your WordPress site by way of a theme, an outdated plugin or a script. This code can extract data from your site as well as insert malicious content, and it can cause serious damage if it goes unnoticed for any length of time. This can add to your hosting expenses, as a large amount of data is transferred or hosted using your site.

DDoS Attack

A DDoS (Distributed Denial of Service) attack is the extended version of a Denial of Service (DoS) attack, in which a large volume of requests is sent to a web server, making the website slow until it ultimately crashes. The difference is that a DoS attack is executed from a single source, while a DDoS is an organized attack executed via multiple machines across the globe.

FINAL THOUGHTS!

So now you are familiar with various WordPress vulnerabilities.

It is worth noting that updates play a crucial role in keeping your website secure, and whenever there is any unusual activity, you will be able to start digging until you find the problem and the solution too. If you ignore the issue for a long period of time, it can cost you thousands of $$ to get the help you need to restore your website and get you back to making money.

ONE Last Note for Business Owners with Membership Websites or an eCommerce Store

This part concerns me, as I help many clients handle their membership or eCommerce websites. If I’m selling information, or I’m using WordPress as a shopping cart or as a membership site, I need to make sure that people who have paid for things still get access. If someone is paying me on a recurring monthly basis and the site goes away, not only have I lost my site, I’ve lost my monthly recurring income. In many cases there’s no way to get it back. If someone is paying you on a recurring basis, there is a certain transaction ID and a certain number associated with that person paying you month after month. It’s very difficult to set up the site exactly the way it was and associate that person paying monthly with the user account they had on your WordPress site.

I cannot stress enough how important it is to do bi-weekly to monthly updates and backups on your website!

Does the Thought of Doing Your Own Backups and Updates Scare the Wits Out of You?

Then fear no more!

Best Intuitive Websites offers an amazing package that will not only save you money and time, but give you peace of mind that your site is fully updated and backed up every other week!

PLUS we install a security plugin on your website that will help keep track of what is happening behind the scenes of your website. So, if something should happen, the problem can be quickly identified and blocked.


Rebecca has been looking after our websites for as long as I can remember. We simply could not manage without her. She not only takes care of the day-to-day operations, she is there with lightning speed for any emergencies that arise.

Most recently, our site was attacked by credit card checkers. They find a small operation and test thousands of credit card numbers to see which ones go through so that they can then use the cards for large expenditures. This attack caused complete chaos in our system and we were in jeopardy of having our merchant account closed. As soon as we were hit, we reached out to Rebecca and in very short order she put systems in place to block the attackers from even being able to use the cards on our website. She again came to our rescue.

We are very grateful for her knowledge and swift action that kept and continues to keep our website safe, and functioning optimally.

Brenda Eastwood, RNCP

Author and Women’s Health Specialist, Hormone Roller Coaster