Blog } our thoughts

Let’s Talk Website Security!



Posted by to   InternetNewsSecuritySoftware on March 08, 2012

In the digital world, things change frequently, and if you're doing business online, you need to stay informed, up-to-date, and on top of things as best you can. Software is updated all the time with new features, enhancements, and fixes designed to patch holes or vulnerabilities in the software's infrastructure to ultimately keep your site and your business running smoothly and securely.

This week, 30,000 WordPress blogs were hacked and infected by a “cybercriminal gang whose primary goal is to distribute rogue antivirus software”.  Read more about the attack in this article from Networkworld.com. These kinds of hacks are nothing new. What is most relevant is the following: “Many of the blogs compromised in these recent attacks were running outdated WordPress versions, had vulnerable plug-ins installed or had weak administrative passwords susceptible to brute force attacks,” said David Dede, a security researcher with website integrity monitoring firm Sucuri Security.

Over the past two weeks, I have had to clean up the mess left behind on three websites that were hacked. The websites were compromised because the owners had not kept the website software up to date; thus, the vulnerabilities in the old software were discovered and exploited.

In each case, Google completely blocked the websites from being shown, adding them to a blacklist of infected pages. This blacklist is used by web browser companies to block known infected sites, so when you try to visit an infected site you get a big red warning message informing you of the danger. This is a good thing to have, as it stops the spread of viruses and Trojans, but it’s definitely not a good thing for your website to be on that list. And it’s hard to remove it once you have cleaned things up.

The time involved investigating and fixing these messes far exceeded the time it takes to provide a simple maintenance strategy on an ongoing basis.

Websites require routine maintenance and updates in order to stay safe from attacks such as this. Because we're Internet marketers, and do so much of our own business online, we do our best to stay up on the latest updates for WordPress as well as the other site hosts that our clients use. We encourage monthly site maintenance for all our clients. If you ever need help making sure your site is secure and up-to-date, or want us to take care of ongoing maintenance, contact the experts at corecubed for help!

 


Enjoy this post? Why not share:


 

No comments yet... be the first to leave one.

 

Post a comment:

Commenting is not available in this channel entry.