Do you use custom post types in your WordPress site? You may have some fixin’ to do…

Security experts just found a breach in which hackers manipulated a common WordPress plugin to do “bad things” (I’m leaving out the jargon) to your site.

What’s so special or unusual about this announcement? The type of hack. Most security breaches begin as brute force attacks – all those attempts to gain entry to your site via the “admin” login. If you don’t have security software installed on your website (or by your host), your site may be susceptible to intrusions.

For my own clients, I receive regular notices (every day and every week) of hack attacks via login attempts. This is the equivalent of marauders banging on the drawbridge or shooting arrows at a high castle wall: Ain’t gonna get in!

But a hack attempt (and success) via a WordPress plugin (which is what happened) is a veritable Trojan Horse: If you get automatic updates to this plugin or accidentally manually update to the hacked version, it’s a huge pain to clean up the mess.

Fortunately, none of my clients use this plugin. Disaster averted. And it is the first time anyone’s seen this type of attack, making those of us who develop WordPress sites wonder where the next attack may come from within the castle walls.

As always, we try to stay at least a step ahead of hackers (and hopefully on the other side of the moat, too)!

2016-12-11T16:09:17+00:00March 7, 2016|Website Design, Website Security|

About the Author:

Marcia Macomber
Bringing a cornucopia of services to her clients, Marcia provides graphic design, market strategy, social media, copywriting, website, video and many other services. Too impatient to wait for others to deliver the goods, Marcia prefers to usher projects from the twinkle in a client's eye to the finishing touches on a big stage. What are you dreaming you need to market your business?