Earlier this week there was an announcement that a WordPress plugin, Captcha, was found to have some code in it that allowed the developer to have ‘backdoor access’ to the website. The plugin was quickly removed from the WordPress plugin repository, then replaced once the malicious code was removed. I saw the email announcement almost as soon as it arrived in my inbox and immediately checked all our sites. Luckily only one site used this particular plugin and it was removed immediately per the recommendation by people at Wordfence, who developed the security plugin we use on our sites.
A backdoor file allows an attacker, or in this case, a plugin author, to gain unauthorized administrative access to your website.
Also this week on December 18th, a “Aggressive WordPress Brute Force Attack Campaign” hit the WordPress community. The people at Wordfence stated that “This is the most aggressive campaign we have seen to date, peaking at over 14 million attacks per hour.”
This is a prime example of why you need to have security measures on your website. Hacking attempts are increasing all the time and the attackers do not discriminate on who their targets are. A single page blog is just as much at risk as a Fortune 500 owned website.
We take great pride in offering a comprehensive web site maintenance plan. If you don’t have someone in your organization to monitor and update your sites, check out our Client Care Plans.