We seem to be blogging about WordPress and the plugins an awful lot recently. But when Wordfence say that the current attack peaks are the highest they have ever seen by an hourly rate, it is time to take notice.
"What we know at this time:
- The attack has so far peaked at 14.1 million attacks per hour.
- The total number of IPs involved at this time is over 10,000.
- We are seeing up to 190,000 WordPress sites targeted per hour.
- This is the most aggressive campaign we have ever seen by hourly attack volume."
From Wordfence Dec 2017 Report - read it all here
Many designers create a WordPress website for their clients, pop it on cheap hosting and let the client get on with the updates without really understanding the security necessities of the current environment. You can't blame the designers as the market portrays building a site on the WordPress platform as child's play. And with so many free and cheap plug-ins giving a vast array of additional functionality it does appear that way.
But the WordPress market relies heavily on trust. And surprise, surprise, the real world is full of people looking to exploit that trust and naivety. And where the designer doesn't fully understand hosting, security principles, the importance of SSL and impressing on a client the need for updates, it is almost a forgone conclusion that the site may get hacked at some point. And if you have just thought, "my site has no client details on it, so it will be safe", think again. Sites are hacked not just for the data, but to be a server of malware, to advertise and link to less savoury sites or to be recruited into a bot-net.
So what do you need
First off, if you have already had the site built and are unsure if it is built and hosted properly, check out your site on these passive, simple test platforms;
Simple test of your hosting set up
More detailed test platform
Simple SSL checker
A more thorough SSL test
If it fails in any way, there is really no point in going back to the people who built it and left you in the lurch. Come and have a chat to Free Rein;
- Firstly we can take on the hosting and make sure that is set up properly to start with.
- Next we would update the core platform and any plugins that are being supported - we will tell you if any have been abandoned or disavowed by WordPress and help you find and implement an alternative.
- Then we would add our security pack. This warns and blocks many attacks, speeds up the site and adds an all-round health check
- Finally we would take on responsibility for keeping the core WordPress and plugins updated as and when new releases are available when vulnerabilities are found
The result will be a better peace of mind for you. We can't absolutely promise nothing will happen, but the chances are considerably reduced and you will have experts in your corner to restore sound back-ups and resolve an issue if it occurs.
At what cost
We keep it simple
- Wordpress hosting - from £360 a year
- Shifting to Free Rein - probably an hour at £90
- Security Pace - £360 installed once off
- WordPress and plugin update management - £360 a year
Not a lot for peace of mind.
And something always worth doing is checking to see if your email, and possibly password etc, has been taken from another site, run it through Troy Hunts checker and perhaps sign up to the alert for good measure.
And keep your passwords as complex as you can and frequently changed.