As much as I prefer to write about the more “human” side of our businesses in my blog posts, this week I really need to go geek on you for just a second. Please don’t stop reading. This is important.
In a recent newsletter we published a recommendation that you update your WordPress website so it would be safer from attack. While a few people responded to us about this, stats show the majority did not read it.
Everyone’s busy, so believe me, there’s no judgment here. But I would feel terrible if I didn’t impress on everyone just what a big deal this oft-procrastinated thing is, and what it may cost you if you don’t do it.
(Lest you think this is some kind of sales pitch, it isn’t. I have no vested interest in how you get this done; I just don’t want what’s happening out there to happen to you.)
There was a recent security “hole” discovered in WordPress that opened the door to what’s called a “defacement hack” — the hacking of websites to post spam, porn, ads, or just nasty messages on your web pages. If you’re up for a little geeky language, you can learn about this here, but it’s not essential. If you do read it, bear in mind that the number of infected sites they quote has grown. A lot.
Three separate clients reported issues over the past week, and it was a bit of mayhem. Two were just mildly inconvenienced. One site vanished entirely. The most recent information shows that millions of sites are being hacked. To be clear: Your clients may visit your site and see . . . shall we say . . . not what you intended. If you do nothing else, please go out and be sure your website is still there, and that you can get into it.
Getting the hackers’ dirty work out of your site is not a simple affair. Their code can reach deep into your website’s guts where it’s very difficult to find and get rid of. Some of it regenerates itself as soon as you delete it. Some tactics change your login name so you can’t get in to manage your own site. Some bring your entire site down, forcing you to rebuild it from a backup copy or from scratch.
I can’t be any more honest than this: Unless you feel you’re in a position to spend a LOT of money and risk your site being down for days or weeks, please go out to it and make sure your version of WordPress is the latest (that would be version 4.7.2, which closes that door).
If your site has a backup system, whereby it backs itself up periodically to keep a safe copy somewhere, then please manually back it up yourself prior to updating.
We are here to help, and the safest way to do this is to buy a smidgen of our time to do it. We’ll back up the site safely, run malware scans to be sure it’s clean, update you to the new squeaky-clean versions of everything, and make sure your site security is good. BUT I understand that many will want to update their site themselves, or get a techie person in their circle to do it, for cost or other reasons. That is absolutely fine.
However you do it, please do. You are all doing wonderful work in the world, and nobody has spare time to waste on this kind of thing.
Thanks for listening.