At Sites By Design our most commonly used CMS is WordPress. It used to be Joomla. (Updated Blog Post in 2018)
In the world of Web Design WordPress is the most marketed tool for web. The reason for this is that with a simple tutorial anyone can become a ‘web designer’ and start either creating their own websites or charging others to do so.
Those marketing this ‘great business system where anyone can make fast and easy cash’ have created an army of amateur web designers who are out there installing little WordPress websites for small businesses all over the planet!
There have arisen some serious negatives as a result of this movement.
1. A ‘Push-button Web designer’ is never enough to create a website which works.
In order to create a website that gives a return on investment you do need a web designer, you also need a project manager for Quality Assurance, a copywriter, an SEO expert, a Graphic Designer and a Marketer. Without a complete team you may end up with a product, which does not do the job!
2. WordPress is now the platform most commonly targeted by Hackers!
Yes, you read it correctly, Due to its popularity; WordPress is the most targeted CMS for Hackers worldwide!
Why would hackers want to hack websites you ask?
- To embed links in them for the purpose of building ranking for their customers.
- To create hidden pages as a part of online scams
- To steal your customers information (if it is stored on there)
This morning a massive malware campaign was initiated targeting WordPress websites. The campaign has been tagged SoakSoak because of the domain users are being redirected too.
Details on this payload can be found on our blog.
There are various threads and forums talking about this and it’s very easy to get misleading information. Here are a few things to understand:
- This email does not mean you are infected; this serves as a Public Service Announcement.
- All Sucuri systems have been updated to better detect this infection. If you get a notification please log into your account and submit a Malware Removal Request.
- If you are behind the Website Firewall (CloudProxy) you are being protected from what appears to be the attack vector.
We must be frank with you, WordPress installed out of the box with no extensions / Plugins installed on it is quite secure, but as soon as you add any external plugins to it – you have security vulnerabilities!
We suggest a few possible resolutions for WordPress users.
- Get a Sucuri Account, This will allow you to see when any changes are made to the code of your website.
- Get an external software Firewall Application. This will keep it as secure as possible.
If you are a Sites By Design Client be sure to ask us about our new Website Optimisation + Security service today!