Trademark (TM) has worked tirelessly over the past two decades to build and customize each website to a client’s specific need. We’ve cut, designed, coded and stayed up well in to the night to ensure the end product is exactly right. Let’s revisit the car metaphor one final time: when it’s time for us to turn the keys over and let our clients take their website for a spin, we can only advise them to wear their seatbelt and observe the speed limit so many times. Sometimes it takes a security exploit for people to realize just how important monitoring and maintaining their website really is. Take these next two examples as learning moments from our clients. You may not only save your website’s security, but a considerable amount of money as well.

A Content Nightmare

TM built a website with optimized for SEO, customized plugin’s – the whole nine yards. At website launch and during the WordPress training afterword, we suggested to the client that a monthly maintenance retainer was advisable and listed out the advantages. They respectfully declined, and we respectfully complied. Approximately a year passed with the client neglecting updates. Several major version updates had been missed, as well as a security loophole fix in the platform. Because of this, the site was hacked and we received a surprising call.

The hack was, well, an unexpected one. Our client was seeing random bits of content on his website being changed out for garbage spam- and it wasn’t just any spam. Specifically, his content was being replaced with verbiage relating to “Viagra.” Due to the sensitive nature of this hack, we labeled the case “High Priority” and immediately dove in- finding that when accessing the administration content-editing area for the effected page, all of the content was still there in its rightful place. However, when you would view the public-facing page, all you could see was the “Viagra” text.

The Solution

The TM team discovered that the hacking attempt had injected buried JavaScript snippets, which were replacing the client’s content with spam text the moment the webpage loaded. This explained why the verbiage was hidden when the administration area of the website was accessed. In order to clean up any instances of the injection we ended up spending approximately 5 hours scouring each individual file within the installation. In addition, we spent about 3 hours updating the entire WordPress platform, all of its respective plugins and crosschecking the website’s functionality to ensure it remained in tact past the update. If the proper website maintenance and updates had been performed as they became available over the course of the past year, or at in quarterly update increments, it may have saved them time, money and the ensuing embarrassment!

Server Meltdown

This second example, while slightly more rare than the first, has the potential to become much more serious. The client hadn’t updated to the latest available version of software and the website became an entry point for a DDoS (denial of service) attack. A DDoS is a type of DOS attack where multiple compromised systems, often infected with a Trojan, are utilized to target a single system. This intermittently (and sometimes for extended periods of time) takes down the server the website is hosted on. This hack was possible because a security loophole was taken advantage of on the clients website, due to the outdated software, and a virus, which became the staging point for the DDoS attack, was injected in to the server.

The Solution

Luckily, we were able to contain the issue relatively quickly and stop the DDoS attack, preventing any further damage from happening. In order to ensure that each of the potentially affected files within the server were located and the virus was eradicated, the TM team spent approximately 6-8 additional hours of maintenance time. In total, the damage required us to spend over 10 hours, which the client paid for out of pocket.

In this case, we ended up taking further security precautions in an effort to keep out other client’s websites safe, sound, protected and online. The client needed to agree to a monthly maintenance contract with us to ensure consistent software updates, or else they could to move to a different server with their own host. In the end, a monthly retainer package was agreed upon and our client was ready to focus on what mattered most to them again- their business!

Let us maintain your website so you can spend more time on your business. Choose your WordPress Monitoring & Maintenance Package HERE.




Leave a Reply

Your email address will not be published. Required fields are marked *

Read Related Posts