Is it just us or is WordPress having a hard time? We’ve noticed a number of updates to the WordPress platform over recent weeks and in each case, there appears to be a slightly larger message advising that it has fixed ‘security bugs’.
This seems to be part of a larger pattern where sites all over the world running the WordPress platform are having problems with hackers, and it seems coincidental that this is happening at a time when WordPress is frantically updating the platform every couple of weeks. Of course, this might just be two plus two equals five, and as we are going on ‘internet chatter’ and personal experience, there is a good chance that we are simply reaching the wrong conclusion, but….
The problem appears to be that hackers have realised that WordPress is wide open, and with millions of sites now hosted on the platform, the vulnerabilities in it mean that they can target and compromise a wide range of high-profile sites. If the gaps in a basic WordPress installation are the same in any other, then sites as visible as http://www.number10.gov.uk/ could be at risk.
Add to this the fact that most of the plugins are free and developed by individuals, on whom we now rely to keep them up to date, and the opportunity for gaps to appear seems self-evident. In fact, some of the recent reports we’ve seen suggest that it is the plugins that are the weak spot, with huge holes in the coding that allow hackers to hijack them. Just last week we had to advise a company that the gambling site link that had mysteriously appeared on their home pages was in fact buried in one of the plugins that they were using.
There are a couple of simple steps you can take to reduce the chance of being hacked if you are on the WordPress platform including:
- Take the new WordPress updates when they are offered. Don’t wait until the next release.
- Update your plugins regularly as well.
- Remove completely any inactive plugins you may have installed. These can conflict with the updated theme and cause operational problems as well as leaving a door open for the hackers.
- Change your password to something far less memorable.
The problem with WordPress plugins is that you have no idea where they have come from. This means that they could not only include open doors for hackers but also they can themselves contain malicious code. We found a WordPress plugin last year that was very good and did an excellent job but had a link hidden within it which passed page rank to the programmer’s site. He was sitting on a PR8 site based on just these backlinks. Despite our best efforts, there was no way to remove the link without breaking the plugin, so we did the next best thing and changed the destination URL so it no longer leaked out of the site.
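One way to audit for the kind of link described above, and for the gambling link buried in a plugin mentioned earlier, is to list every URL in the plugin files that points somewhere other than your own site. This is an added example, not code from the original post; the function names, the allow-list and the sample hosts are assumptions, and the sample plugin is constructed.

```python
import base64, binascii, re, tempfile
from pathlib import Path
from urllib.parse import urlparse

URL_RE = re.compile(r"""https?://[^\s'"<>)\\]+""", re.I)
B64_RE = re.compile(r"""['"]([A-Za-z0-9+/]{24,}={0,2})['"]""")

def external_urls(text, allowed_hosts):
    """Return (url, how) pairs for URLs whose host is not in allowed_hosts."""
    found = [(u, "plain") for u in URL_RE.findall(text)]
    # Hidden links are often stored encoded, so a plain-text search misses them.
    for blob in B64_RE.findall(text):
        try:
            decoded = base64.b64decode(blob, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue  # not valid base64 text, ignore
        found += [(u, "base64") for u in URL_RE.findall(decoded)]
    hits = []
    for url, how in found:
        host = (urlparse(url).hostname or "").lower()
        if host and not any(host == h or host.endswith("." + h) for h in allowed_hosts):
            hits.append((url, how))
    return hits

def scan_plugins(plugin_dir, own_host, allow=("wordpress.org", "w.org")):
    """Report (relative path, line number, url, how) for each external URL found."""
    allowed = {own_host.lower(), *allow}  # allow-list is an assumption; tune per site
    report = []
    for path in sorted(Path(plugin_dir).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in {".php", ".js", ".html"}:
            continue
        lines = path.read_text(encoding="utf-8", errors="replace").splitlines()
        for no, line in enumerate(lines, 1):
            for url, how in external_urls(line, allowed):
                report.append((path.relative_to(plugin_dir).as_posix(), no, url, how))
    return report

def demo():
    """Constructed sample plugin: one allowed URL, one plain link, one encoded link."""
    hidden = base64.b64encode(b'<a href="http://casino.example/win">x</a>').decode()
    with tempfile.TemporaryDirectory() as tmp:
        plugin = Path(tmp, "sample-plugin")
        plugin.mkdir()
        plugin.joinpath("main.php").write_text(
            "<?php\n$api = 'https://api.wordpress.org/plugins/info/1.0/';\n"
            "echo '<a href=\"http://backlink.example/\">credits</a>';\n"
            f"echo base64_decode('{hidden}');\n", encoding="utf-8")
        return scan_plugins(tmp, "example.org")
```

Run `scan_plugins` against a copy of `wp-content/plugins` with your own hostname and review each hit by hand; a clean report does not prove a plugin is safe, since links can be fetched at runtime or encoded in other ways.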
If you have any signs that WordPress is being targeted by hackers feel free to let us know….