I have said it before, but it bears repeating.
No one is immune to hacks. It doesn’t matter if you are a small business with 10 employees or a huge business with 10,000 employees.
This point was driven home once again this past Wednesday, when the Microsoft site digitalconstitution.com was found to contain numerous spam pages and links.
The site, which was launched in mid-2013 months after the Edward Snowden revelations were first published, soon became a platform for Microsoft’s corporate views on government surveillance and a new case dedicated to fighting an international search warrant.
The site appears to have been modified around 9:15pm ET on Wednesday, and remains affected at the time of publication.
It’s not clear who is behind the attack. The site, according to ZDNet, was running an older version of WordPress, which made it susceptible to the attack. This should serve as a sobering reminder to all of us.
When was the last time you looked at the plugins you were using on your site? How about your themes? Do you really need all of them? Many of the exploits and hacks that happen to WordPress sites are a direct result of outdated themes and plugins. I bet if you checked right now, you would find plugins you played around with or quit using still sitting there, out of date and inactive. How about those 10 different themes you uploaded when you were thinking about redesigning the site? Seriously, are you ever going to use them? If the answer to any of those questions is no, then get rid of them.
How about the plugins you do use? Is there any reason that you are still using an old, outdated, unmaintained plugin that hasn’t been supported in years? Is the functionality so crucial that you are willing to risk your site’s security on it? Is it worth the time, the energy, lost business, and lost sleep that will inevitably come when your site is exploited and redirects everyone to an offshore pharmacy? With 38,461 plugins in the WordPress.org repository at the time of this entry, there are probably at least several that serve the same purpose but are updated and rated to work with the current version of WordPress.
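One way to answer those questions for a real site, as an added example that is not part of the original post: the Python sketch below sorts the JSON that WP-CLI prints for `wp plugin list --format=json` and `wp theme list --format=json` into components to delete, components to update, and components to check by hand. The sample data, the `audit` function and every plugin and theme name are constructed for illustration.

```python
import json

# Constructed sample of `wp plugin list --format=json` output (names made up).
SAMPLE_PLUGINS = json.loads("""[
 {"name": "contact-form-x", "status": "active",   "update": "available", "version": "2.1"},
 {"name": "old-slider",     "status": "inactive", "update": "available", "version": "0.9"},
 {"name": "seo-helper",     "status": "active",   "update": "none",      "version": "5.0"},
 {"name": "site-loader",    "status": "must-use", "update": "none",      "version": "1.0"}
]""")
# Constructed sample of `wp theme list --format=json` output (names made up).
SAMPLE_THEMES = json.loads("""[
 {"name": "shop-child",      "status": "active",   "update": "none",      "version": "1.2"},
 {"name": "shop-base",       "status": "parent",   "update": "available", "version": "3.4"},
 {"name": "redesign-idea-1", "status": "inactive", "update": "none",      "version": "1.0"}
]""")

# Statuses WP-CLI reports for code that is loaded on the live site. A parent
# theme is in use whenever its child theme is active, so it must not be deleted.
IN_USE = {"active", "active-network", "parent", "must-use", "dropin"}

def audit(items):
    """Sort components into: remove, update, ok, or review (unknown status)."""
    report = {"remove": [], "update": [], "ok": [], "review": []}
    for item in items:
        name, status = item["name"], item.get("status")
        if status == "inactive":
            # Unused code stays on disk and is easy to forget to patch: delete it.
            report["remove"].append(name)
        elif status not in IN_USE:
            # Unrecognized status: never guess, have a person look at it.
            report["review"].append(name)
        elif item.get("update") == "available":
            report["update"].append(name)
        else:
            report["ok"].append(name)
    return report

if __name__ == "__main__":
    for kind, items in (("plugin", SAMPLE_PLUGINS), ("theme", SAMPLE_THEMES)):
        for action, names in audit(items).items():
            print(f"{kind:6} {action:6} {', '.join(names) or '-'}")
```

A plugin that shows no pending update can still be abandoned upstream, so the `ok` list does not answer the question of whether a plugin is still maintained.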
Let’s also not forget about the core WordPress software. WordPress doesn’t release new versions just to release something. New versions contain security fixes, bug patches, and, yes, even some new functionality or improvements. If you are running an outdated version of WordPress, then you likely have holes in your website’s security.
Sure, it’s tempting to poke fun when the big guys get egg on their face. But learn from their mistakes. Maintain your website. Update your software, themes, and plugins. The difference between the big guys and you is this: They have a team that will fix their site for them if they get hacked. You have you, and if you’re lucky, you have WP Site Defender. Being proactive now will prevent you from being the next statistic.