Content Injections! Are You Secure?

Yep, you read the title right. Over 1.5 million pages defaced, over 39,000 domains. Sucuri announced on February 1, 2017 that they saw a rise in defacements using a WordPress Rest API vulnerability. Sites that are on WordPress 4.7 and 4.7.1, were advised to upgrade to WordPress version 4.7.2, which addresses the vulnerability.

For those of you not familiar with hacking terms, defacement is a term in hacking where the visual look of your website is altered. These defacements can happen through code injection from vulnerable themes and plugins or old WordPress versions, or direct access from poorly chosen passwords for WordPress, your web host or even FTP accounts, and much more. Defacements aren’t fun for website owners, as the defacement could be something like “You’ve been hacked by…” or “You’ve been just owned by…”

Defacements can deter visitors from coming back to your website, or prevent others from wanting to enter it, as some defacing can be indexed by Google, and shown in the search engine results.

Upgrade Your WordPress Site to 4.7.2

WordPress released a fix with version 4.7.2, on January 26, 2017, but not everyone has upgraded to that version. If you haven’t upgraded, and your website was submitted to Google Search Console, you should’ve received a message from Google via email, advising you to upgrade.

It’s been a few weeks since 4.7.2 was released, and even here at WP Fix It, we see a lot of websites that haven’t updated to the latest version of WordPress. Many of them have been defaced or had some type of malware inserted.

How can you try to avoid a defacement or malware problem? Well, it’s extremely important to keep your website’s WordPress version, your plugins, and themes up-to-date, in order to deliver a much safer experience for you and your website visitors.

However, you should do more than just keep your website’s software up-to-date. It’s important that you have a security plan for your website. You should have a sturdy and reliable security plugin installed and configured, that can help scan your website regularly for possible malware, or other problems. Your security plugin should also have the ability to help you tighten the security, or harden it, so you can prevent snoopy bots and hackers from seeing or accessing your files. You should also have a firewall in place to deter bad bots, and really should be using passwords that are hard to guess.

Understanding WordPress security can be tough, and this post may be a lot for you to take in, but that’s okay. The point of this is post is to inform you that you need to make sure you upgrade to WordPress 4.7.2, and that it’s important to keep your website updated to the latest version of WordPress. We offer an infection cleanup service at WP Fix It, that we make sure your website is clean of malware, and also set up the right security plugins and tools, in order to help you deliver a safe website experience for your visitors. Before you upgrade, don’t forget to make sure to create a backup of your website. If you don’t know how to do either the upgrading or creating a backup, part of our infection cleanup service is to make sure your website is up-to-date.


PLEASE READ THE BELOW VERY CAREFULLY:
We STRONGLY SUGGEST you get your site loading in HTTPS before Google dings you.  They recently starting flagging sites that do not load with HTTPS.  Not loading your site this way will also affect your search engine rankings.  Please read THIS ARTICLE and we can help with service at the link below.

https://wpfixit.com/wordpress-ssl-https-service/