In the last couple of weeks I have cleaned up a few infected/compromised WordPress installs. The main source of these infections has been outdated plugins. For the ones I’ve fixed, the hack mainly appeared to be coming from older versions of Gravity Forms that hadn’t been updated.
I did notice that client sites with the outdated plugin but running on WP Engine Hosting were not affected at all.
While fixing the sites, I ran across these presentations by Mark Montague.
The first is an updated but significantly cut-down version of a presentation he gave at WordPress Ann Arbor in January 2014.
What should you learn from this?
- Attackers don’t attack your site personally (for the most part)
- They do this to send out spam with your site (mostly)
- They do it because it’s easy
- Update, Update, Update!
- Use better hosting like WP Engine to prevent hacks when you don’t update