Safe Hex for WordPress, Why pre-v2.8.6 is BAD for Your Blogs Health!

WordPress

Is your blog practicing safe hex? Is it running the most recently patched code to protect your blog from attack?
Regardless of how benign they feel, its CRITICAL to your business to remember that blogs are applications and vulnerable to a variety of attacks.
This week has seen a huge spike in blogs being hit by “code injection” virus type infections. This is due largely to running versions of WordPress that are before (lower than) 2.8.6, which was a HUGE security update.
Please realize that you can not run a virus scan/anti-virus on a host in the same way you can your desktop PC. It depends on strong code and strong usernames/passwords to protect it.
Best case scenario in a case of this type of attack is that you spend several hours cleaning up your host (if you know how). This assumes your data wasnt compromised, you can locate the infected files, and Google did not black-list you for handing out viruses to others.
I just spent several hours cleaning up a host for an associate that got very very lucky. Even that lucky, he got several HOURS of my time. It would have taken longer had he not had a number of files and pieces of information about his server that I needed. When he asked his host for assistance they informed him, essentially “not our problem”, since it is user data, and said that once a host is infected they can not assist.
Worst case scenario is that you lose all your data back to your last CLEAN (non-infected) backup. These types of infections often get included in backed up files and they can not be considered clean by default. Then you have to hire someone to either re-install WordPress for you or clean your host. Prices start about $250 and could be much higher if your database is involved. Perhaps even worst than this is that even after you get your site clean, you have 5-7 days of paperwork before Google will un-blacklist you. In the meantime every visitor to your site will see a nasty red popup that BLOCKS your site and lables you as an attack site. Consider for just one moment what THAT is going to do for your business.
Please guys, remember that even blogs need to practice Safe Hex!

0 comments:

Post a Comment