
wordpress hacking

Discussion in 'Web Development' started by findtim, Dec 9, 2016.

  1. findtim

    end of year thoughts.

    old news but worth a re-read whilst thinking about next year's growth areas
    https://sucuri.net/website-security/website-hacked-report
    "On average, we clean 132 files per compromised site. This shows how deep the malware can be embedded within a website."
    "Over 78% of all the websites we worked on in the first quarter of 2016 were built on the WordPress platform"
    "As of March 2016, Google reports that over 50 million website users have been greeted with some form of warning that websites visited were either trying to steal information or install malicious software. In March 2015, that number was 17 million."

    the report is simply full of gems!

    2015 was my WORST year for hacking, but i got it all together late 2015 and 2016 has been almost hassle free and if i have had a bad hack i have been able to fix it within hours.
    to find out what to do just search "top 10 things to prevent wordpress hacking" or something like that, all pretty basic repeated in every article but nobody does it.
    i use a combo depending on the site, wordfence, sucuri, bulletproof, [ it's not so much the software, it's the settings you impose on the site ] + move login, change database name, cloudflare. Then a good host with good backup procedures with archive, infiniteWP for plugin updates, dropbox, googledrive for storage, updraftplus, backupbuddy... like i said variations depending on site.

    I've also done some research on web designer sites and most on top of designing promote SEO, very few promote hosting, domain registration which can either be a hassle or a nice little earner, and EVEN LESS promote hack prevention as an add on. To do some research i sent emails to a few asking for what i get with them designing my website, almost all replies were "cut and paste" answers, i even just got sent the link to their website ! page with packages which didn't give much detail. NONE mention security included or otherwise !!

    I see security as a huge area of growth, far easier to expand your present and potential client base with services they truly need as a method of growth rather than just putting up your price.
    My clients have been very receptive to increasing their costs for these added features as they can see real benefit from them, it's VITAL they see the benefits and this report is a good one to take snippets from in proving your case.
    In 2015 i suffered from an "it's my fault" mentality when it was potentially happening to masses of people, yes my fault for not having a system that i previously didn't need but not my fault it was being hacked. it was also something i hadn't costed in the time either.

    Now it's a complete turnaround and Increased security and responsive conversions I see as good growth areas for me in 2017.

    just some of my thoughts as it's this time of year i slow down and think of next year's goals, if anyone else sees some opportunities and would like to share i am sure there are enough customers @ for all of us.

    tim




     
  2. nt81

    Hi Tim,

    As a small hosting provider, I can truly say that WordPress and the raft of poorly coded "free" plugins are the underlying cause of all of this in the first place. With WordPress powering something stupid like 25-30% of all sites on the public facing net these days it has a gigantic target in crayon scrawled over it.

    In my experience, even with the CXS real-time exploit scanner (and to a lesser extent ClamAV) running behind the scenes, you can still have Wordfence installed and see websites be compromised. Though this has greatly mitigated the number and severity of most attacks over the past 12 months.

    As you mentioned, having decent backups is key. But that means nought if you don't install Wordfence at the very least and keep every single plugin update and the core of WP itself updated.

    Where I work, we tried to roll out a monthly plan to clients for WordPress "pro-active" support plans using Infinite WordPress. In the end, 95% of our end users preferred to deal with it when it became a mess, rather than having pre-paid hours to ensure their sites were secured and fixed immediately when hacked.

    Disposable society. Good luck!
     
  3. findtim

    yep, good info, all you can do is have those fees detailed upfront and if/when it happens stick by them.
    wp have plans to take 50%+ of the market which i think they can easily do which means the hack market is just going to get bigger in the future.

    one other thing i forgot to mention was public liability and professional indemnity insurance which should be considered if marketing this aspect of a business, not a pitch but i contacted fentongreen.com.au and got quotes, it was @ $450 p/c for liability and $550 for indemnity.

    tim
     
  4. Guidex

    Happened to me, installed a free members plugin which had an exploit and someone massacred my DBs and redirected every page to spam surveys. Had to do a wipe and go from a backup. Stopped using WP now.
     
  5. findtim

    that's a bit knee-jerk, it's still by far the best community in my view, at least you have VERY active users producing both free and paid solutions to almost everything you could think of wanting to do in a development and it's not beyond doing your own coding wherever you want.
    backup backup backup and you will have no long term issues.

    tim
     
  6. Guidex

    There's so many alternatives though, I still have it running on some of my older websites that are ranked to avoid any serp issues but other than that I've switched any new properties. Good points though.