
Last week, one of our WordPress clients got some disturbing information from a family member:

“wordpress had been hacked into and thousands of people were getting viruses and losing their websites if they logged into their wordpress site”

After a week of fretting and not updating their blog, they emailed us to ask whether their site was OK and whether it was safe to log in.

Advice point 1: Don’t panic and don’t leave it a week before doing anything!

After an hour’s investigation I’d found very little, so I asked for the source of the information. The link was to a blogger who produces fairly light-weight blogs about WordPress, and uses his site as a source of income through a multiplicity of affiliate links.

His blog about the hacking was a mere 180 words with a link to an original source and, not surprisingly, affiliate links to paid-for security products. It mentioned two problems which our client’s source had muddled up.

Advice point 2: If you hear about a problem, check the source and cut through the rumour and speculation.

The information passed on to us was inaccurate. I’ve tried to separate out the salient points here:

  • Firstly, if you have a WordPress.com-hosted blog or site, it isn’t affected.
  • The hacking has affected CMS (Content Management Systems) written in the PHP language. WordPress figures highly as there are many more WordPress sites than (say) Joomla sites.
  • The websites don’t have a virus themselves, so visiting them or logging in doesn’t infect your PC. The hack has put a re-direct code into the pages, and there are actually two different hacking attacks at work. Typically, when you get to the re-directed site you’re told your computer is infected and they try to sell you a worthless (and probably infected) anti-virus package.
  • WordPress.com stats suggest there are over 70 million WordPress sites, of which about half are not hosted by them and so are potentially vulnerable. Although thousands of websites seem to have been compromised (30,000 was the figure quoted), less than one tenth of a percent of the total will have been affected. The blog also reported 85% of the affected sites were in the US.
  • The blog also mentioned “4800 Hacked Websites Lost With No Chance of Recovery”. This refers to a hosting company in Australia which had 4 servers hacked in June 2011. They were unable to recover the data from the servers and didn’t have adequate backup systems in place, so the sites were completely lost. This was a specific attack on their servers and completely different to the other hacking mentioned here.

Advice point 3: Make sure you have a reputable, up-to-date anti-virus and Internet security package on your PC.

There are free anti-virus and Internet security packages, but a paid-for package with frequent updates is likely to give you better and more consistent protection (we use F-Secure which checks for updates every 2 hours). And be cautious when surfing the Internet and following links.

Advice point 4: Check that your website provider and/or hosting company are backing up your site, and storing the backups securely.

We back up all the websites we host and manage, independently of the backups the hosting company takes. Our Backup Smart system runs every night, and downloads the backup files so a problem at the hosting company would not compromise our backups. We use an industry standard algorithm which keeps a mix of daily, weekly and monthly backups.
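The post does not name the algorithm, so the following is an added example (not Backup Smart's own code) of a daily/weekly/monthly rotation in the grandfather-father-son style. The function names and the retention counts (7 daily, 4 weekly, 6 monthly) are assumptions, and the backup dates are constructed sample data.

```python
from datetime import date, timedelta

def _newest_per_period(newest_first, period_key, limit):
    """Newest backup in each of the `limit` most recent periods (week or month)."""
    chosen = {}
    for d in newest_first:              # dates arrive newest first
        key = period_key(d)
        if key in chosen:
            continue                    # a newer backup already covers this period
        if len(chosen) == limit:
            break                       # older periods fall outside the window
        chosen[key] = d
    return set(chosen.values())

def plan_retention(backup_dates, daily=7, weekly=4, monthly=6):
    """Split backup dates into (keep, delete). The counts are assumed values."""
    newest_first = sorted(set(backup_dates), reverse=True)
    keep = set(newest_first[:daily])    # the last N nightly backups
    keep |= _newest_per_period(newest_first, lambda d: tuple(d.isocalendar())[:2], weekly)
    keep |= _newest_per_period(newest_first, lambda d: (d.year, d.month), monthly)
    return sorted(keep), sorted(set(newest_first) - keep)

def sample_nightly_backups(last_night=date(2024, 4, 30), nights=120):
    """Constructed sample: one backup per night, no gaps."""
    return [last_night - timedelta(days=i) for i in range(nights)]

if __name__ == "__main__":
    keep, delete = plan_retention(sample_nightly_backups())
    print(f"keep {len(keep)}, delete {len(delete)}")
    for d in keep:
        print("  keep", d.isoformat())
```

Because each weekly and monthly slot is filled by the newest backup that exists in that period, a missed night does not leave a hole in the rotation.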

In conclusion

Sherlock Holmes would certainly know what to do. He’d advise you to investigate and get to the bottom of the problem. Once you’ve separated the wheat from the chaff, you can take sensible precautions to protect yourself and your business.

If you’re still in any doubt, you can always send us an email or give us a call – we don’t charge for our advice.
