
WordPress Vulnerability
10 April 2017

WordPress sites can be vulnerable

You trust many websites to look after your personal data, but you read about data losses every week. Brute force attacks on WordPress websites, for example, increased from 300,000 sites per day in 2016 to 700,000 sites per day in January this year, and have escalated to almost 800,000 since. That is just one form of attack on the core WordPress platform.

The total number of attacks on WordPress sites rose from 30,000,000 (each site gets multiple attacks) in February 2017 to 34,000,000 in March 2017, and Russia has now supplanted Ukraine as the leading source. For the more detailed monthly reports, visit the Wordfence Blog: https://www.wordfence.com/blog/2017/04/march-2017-wordpress-attack-report/

The plugins and themes you use are also vulnerable. WordPress remove them from their trusted lists when they aren’t updated quickly enough, but often the damage has already been done.

Keeping your website code up to date is vital, but knowing what you are doing so you don’t break it is equally important. Free Rein has a simple security update service for WordPress installations to help you.

Audit and then Monitor the site

If you opt for us to look after the security updates, then the first thing we need to do is test the site to make sure it hasn’t already been compromised. Then we update the existing plugins and themes – assuming they support the latest version of WordPress. There are some elementary failings in the way the site can be set up and, sadly, anyone and everyone feels they can build a WordPress website – they can – but mostly with flaws. The worst we have seen was hacked 5 minutes after it went live - appalling!

Then we have some trusted plugins that monitor the site and any attempts to break into it (we can add you to the alerts). Once it’s all kitted out we will run it through a number of test systems to make sure everything has been covered.

Updating everything

WordPress is great with an automated update service. But how do you know it won’t disable a plugin you are using if a new version that is compatible has not been released? What if it disabled your theme?

Occasionally you may have to wait a day or so before updating WordPress so that your plugin providers have a chance to upgrade their version. We would check all of the compatibility before starting the updates. We would also take a backup before we start, so we can roll back if one of the updates doesn’t work fully.

And if one of your plugins isn’t updated, we will let you know and locate an alternative. That may require a little bit of work to get any new one compatible, but you’re in safe hands.

Don't wait until it's too late!

Let us know if we can help. Call 01473 810002 or email contact@free-rein.net to get in touch.
