It's easy to ignore website security until it isn't. This week, WordPress suffered another attack that left companies trying to recover. Hackers created a fake tool on GitHub that looked like it could help people post content to WordPress. When researchers and others downloaded and ran it, the hidden code inside stole their WordPress login details—over 390,000 sites in total—and sent them to the hackers. It’s like someone handing out a “free upgrade” to your home’s security system, but instead they copy your keys and break into your house later.
One of the problems with WordPress is that it's so popular. When a platform has the type of market share WordPress does—between 43.1% and 64.3% of all websites—it will become a prime target for hackers. WordPress also lulls its users to sleep through one-click updates, millions of plugins, and a general feeling of ease until the walls inevitably come crashing down and you're paying a Russian hacker a few thousand dollars to hand your keys back over.
Sometimes you learn the hard way. But you don't have to.
What You Should Do
Before we get into how to avoid this type of situation, here are the steps you should take immediately if you've been impacted:
- Change all your site credentials immediately.
- Update WordPress, remove suspicious plugins, and tighten your security settings.
- Run a thorough security audit with a trusted partner to find and fix any hidden backdoors.
- If possible, consider moving to a more secure CMS platform like Craft CMS.
- Make regular backups, enable two-factor authentication, and schedule ongoing maintenance checks to prevent this from happening again.
After you've done that (we're happy to help), continue reading to learn how to protect your website moving forward.
Not sure where to start? We’re here to help. Whether you need a quick security audit, help tightening up your WordPress site, or advice on switching to a more secure platform like Craft CMS, just reach out. Let’s make sure your site stays yours. Reach out today.
Why You Should Care About Security Breaches
Let’s take a look at what happens when your website is compromised. It can range from costly to reputation-destroying.
Lost Customer Trust
A data breach leads to headlines about leaked information, and customers may start to leave. Many won’t return. It’s like discovering your favorite restaurant failed a health inspection—hard to forget, even if you give them another chance.
Operational Disruptions
While you’re busy resetting passwords, restoring backups (you have backups, right?), and handling inquiries from customers and regulators, your website is offline. During this time, competitors are more than happy to serve your customers, taking advantage of your downtime.
Search Rankings Drop
Google doesn’t take website downtime or safety warnings lightly. If your site is flagged as unsafe or goes offline for too long, your rankings will drop. Regaining that position in search results takes a lot of time and effort.
Staying ahead of these types of security breaches can protect your reputation, operations, and bottom line.
The Thing About WordPress Plugins
WordPress isn’t inherently broken. But its plugin ecosystem is like a run-down flea market where anyone can set up a booth and sell whatever they want. Sometimes you stumble upon a quirky Christmas ornament that’s somehow perfect for your tree. Other times, you pick up an ornament that turns out to be an unintentional glitter bomb. Have you ever experienced a glitter bomb? You'll be picking glitter off your furniture for years. You don't want that.
Many companies treat plugins like impulse buys at a flea market. They grab whatever looks useful, install it, and hope for the best. That's one reason, when we inherit WordPress sites that need new life, we start with a WordPress Health Check that includes auditing all plugins.
How We Keep Your Site Safe
We treat your website like it's our own, partially because we're going to hear about it if something goes wrong, and we'd like to avoid that. When we start new relationships with clients that bring along pre-built sites, regardless of platform, we almost always start with a website health check. We take a deep look at the website to determine:
- How fast your pages load (to make your site better for users and increase SEO rankings)
- Whether your content makes sense to humans and search engines
- If your hosting setup is actually doing its job
- Whether Google can find all your important pages
- Which plugins might be secretly plotting against you
- Any code that needs to be updated or fixed
Why Craft CMS Might Be Your Better Option
If you're tired of the negative sides of WordPress—the constant security issues or the UX approach that resembles your favorite junk drawer—we have a better option. Craft CMS is our preferred content management system for most companies we work with. That's because, after we show them the benefits, our clients fall in love with it too. Change is hard, and WordPress has become comfortable for many people. But, at some point, it makes sense to find a platform that prevents your website from becoming a dumpster fire.
Craft doesn't need seventeen plugins to do basic things. Like Apple when Steve was around, it just works. The backend is clean enough that your team won't break things by accident, while still having an incredible amount of flexibility to modify, expand, and manipulate content. Updates happen regularly and don't feel like playing Russian roulette with your website, especially with our team overseeing those updates.
What Now?
You've got options. We can help lock down your WordPress site and keep it maintained, or we can talk about moving you to Craft CMS. Either way, you're going to get a partner that can see around the security corners to ensure you are in a better position with your website. We care about your site's security as much as you do. The WordPress breach was bad, but it won't be the last one. The internet is weird and sometimes terrible. But with the right setup and someone watching your back, you don't have to lose sleep over it.
Ready to make your website less of a security nightmare? We'd love to talk.