A Web.com Partner

Unpatched WordPress installations: A recipe for disaster

So you’ve just finished your perfect website on WordPress and its live using one of our hosting plans. The design is flawless, every single link works and your SEO rating would make Sundar Pichai himself cry tears of joy.

Now the time has come to boost your WordPress site with some plugins that will make managing the site even more of a breeze.

But wait, one of the plugins is doing something strange, its posting spam on your site! Popups selling 95% off ray bans are appearing left right and center an theres nothing you can do!

Unfortunately this is a very real possibility for WordPress users.

The Culprits

Security experts are warning WordPress users to check their sites in the wake of a rash of attacks on unpatched installations.

While past attacks have typically focused on a few specific bugs, today’s cybercriminals are taking a more scattergun approach — exploiting a range of different flaws and vulnerabilities in order to inject malicious code into unsuspecting WordPress user’s sites.

The Reason

WordPress is one of the most popular content management systems around, with over 75,000,000 websites relying on a WordPress installation for their web publishing needs. With plenty of built-in features and countless third-party plugins to customize your build, it’s no wonder that so many webmasters choose WordPress as the backbone of their sites.

The downside to all this popularity is that WordPress and its associated add-ons are now tempting targets for creators and distributors of malware, resulting in numerous attacks. Pieces of malicious code masquerading as useful plugins are a major concern — but even if you’re scrupulous about only installing elements obtained from reputable sources, you may still find yourself the victim of an attack on your site if you don’t keep everything patched and updated. Cybercriminals are constantly on the lookout for vulnerabilities in WordPress itself and within the many plugins available to site owners. Unpatched installations and plugins offer a multitude of opportunities to inject malware into your site. This malicious code can range from crypto-jackers that force your visitors’ browsers to mine digital currencies similar to Bitcoin, to more serious hazards like ransomware and tech support scams.

Malicious code on your site can damage your business, harm your site’s reputation, negatively affect your search ranking and drive away visitors.

The Precautions

Perform regular checks to ensure that your whole site is free from malware — and keep it that way by patching and upgrading every element of your WordPress installation.

Furthermore, having malware on your site could attract further attacks from outside sources as your sites integrity could be compromised. This is where SSL certificates can come in handy as they encrypt data to and from your site, as explained in our blog about SSL certificates.

As always, if you have any questions about this post or our hosting services, simply call us on 1300 MY HOST (694 678) during business hours.

Stay tuned for more advice and hosting tips on the Digital Pacific Blog and follow us on Facebook, Twitter, LinkedIn and Instagram!

Get tips & insights
direct to your inbox.

Sign up to our newsletter to get the most from your website hosting with insider tips, tools and guides plus 10% off your first invoice!

Have more questions
on Hosting?

Simply call us on 1300 MY HOST (694 678) during business hours, or submit a ticket through OnePanel and one of the crew will be in touch!

Get in touch
Top
Chat