In the last several weeks we have seen an influx of attacks on website software by hackers, not only on some of our old clients’ websites, but on websites around the world. A majority of these website software attacks have been on non-current versions of WordPress, but we have seen continued attacks on older versions of phpBB too.
One of our personal blogs was hacked, and so far we have found two clients with older versions of WordPress that have been compromised. With regular maintenance and monitoring, this could have been prevented, but the truth is that far too many people don’t think about maintaining and protecting their website until it’s too late.
Our blog that got hacked was one of DZ’s personal sites that hadn’t been touched in months (we all have sites like that here… we own a lot of web real estate). By the time we were aware of the problem, Google and all modern web browsers had blocked access to the website because it had been designated as an “attack site”. A hacker or team of hackers had compromised the blog software installation and injected code into the website that was downloading a virus onto the computers of the site’s visitors.
So far we have found two of our clients’ blogs that were running outdated software and have been compromised as well, but we were able to catch it before any damage could be done. Why did we catch these two? Because those particular clients had maintenance contracts with us, which means that we regularly spend time on their websites “checking it out” and “tuning it up”.
We have issued a mass email to all of our clients that have older versions of WordPress blogs so that we can get their permission to spend a few hours securing and updating their blog software. Unfortunately, out of the 20+ clients we’ve contacted, only a few have responded. Maybe people don’t understand the severity of the situation?
The truth is that all software is susceptible to hacking. The adage says, “If it can be built, it can be unbuilt.” Fortunately for us and our clients, we use well-built open source software on our projects, which means that there are thousands of developers, all over the world, who have a vested interest in the security and well-being of that software… we don’t have to wait for companies like Microsoft to send out a memo, hold meetings and do a bunch of bureaucratic BS to get a security hole patched.
If the software we use is found to have a security hole, it is fixed immediately and the updated web software is available for updating almost as quickly. So how does web software get compromised if it’s always being updated and fixed? By a failure to update and protect your investment.
If you spent a lot of money on a car, you would take it in for regular maintenance, right? Regular oil changes, checking the air pressure on your tires, regular tune-ups and adjustments to keep it running in top form. Why wouldn’t you do the same for your online software?
Unfortunately, too many people buy or build a website and think they’re done. Keeping your website on a regular maintenance schedule, just like you would do with your car, is super important.
If you do not have a maintenance contract with us or haven’t talked to us in a while, I strongly encourage you to come in and have a chat with us. If you received our notification about the security of your software and you ignored it, don’t! Call us or email us with questions.
Not maintaining your website and protecting your visitors is bad for business. Running an unprotected or outdated website is like running a restaurant and not caring if your guests get food poisoning.
My intention is not to scare you or be crass, but I hope that something in this blog post set off a bell in your head. Be a responsible website owner and take it in to the “mechanic” once in a while.