Rotate your device to portrait mode

WordPress website hacks, vulnerabilities, exploits and backdoors

It must be that time of year again, as the number of hacked WordPress installs is on the rise, so it’s imperative that you keep your website updated.

What should I look out for you asked. Well, we are glad you did, so below we will give you a few tips.

Themes & Plugins.

If you have a pre-made theme with a stack of included plugins, chances are that you are not running the latest version of those plugins as the theme builders can’t always update the plugins as quickly as the dev releases them. This also requires you to manually download the entire zip of the theme and do an update – not something that most people can easily do.

The two most common plugins included in pre purchased themes we see are Sliders and Page Builders.

If your theme came with a bundle of included plugins that are not updated, you can either pay for your own license for them, or hope they get updated in your theme quickly.

WordPress Build Version.

WordPress generally autoupdates itself when a critical release happens these days. However, sometimes due to plugin or server restrictions it can’t. So if you notice that there is a new WordPress version, you want to first make a backup, check all your plugins are compatible, run the update and hope that the site doesn’t topple over.

PHP Version.

Is your hosting still stuck in 1986, making you pay for SSL certs and only allowing an old version of PHP 5.6?

It might be time to move your hosting elsewhere, as PHP has exploits discovered regularly that require it to be updated and if your hosting is not allowing that you could be open to a nasty surprise.

Security Plugins.

Are you running a ‘firewall’ or some Anti-Malware software on your website? If you answered no, it might be time to have something that adds an extra layer of security to your WordPress website.

There are so many options, but we seem to find All In One WP Security & Firewall a nice and speedy option, with Sucuri Security good to scan sites and go over ones already hacked.

Unfortunately, it is almost impossible to stop a hack if the exploit hasn’t been discovered, and we have seen many sites that have been compromised that had 2-3 Security plugins running. We found one site had a dormant exploit in the functions file for almost 2 years after sifting through their backups.

What do I do if my WordPress website has been hacked?

You can get in contact with us, and hopefully we will have your website back up and running in no time.

Creating beautiful websites since 2006

Ready when you are

Get in touch to talk about your next web project by emailing, calling us, or by filling and submitting the following form.

We look forward to hearing from you!
Phone02 8004 3387

Kinski & Bourke
Copyright © 2006 — 2020

Say hello