WordPress and Plone security

Mar 19, 2019
We recently had two of the WordPress sites that we host overrun by spammers. While WordPress is very popular, it's also not very secure, so it's a favourite target of hackers. That, and the way it allows plugins to change the code, gives us the heebie-jeebies.

The core WordPress code and installed plugins regularly receive security updates, but those updates have to be installed and maintained. We see a lot of WordPress sites that were set up and left alone for years, and those are a large security risk. Even a site that is moderately up to date might be vulnerable.

One of the compromised sites was under a support retainer with us, and we fixed it within a few hours, with no downtime on the site itself. The other one had no such support, so it took almost a working week to get it fixed by the original creators of the site, and the site was non-functional for most of that time.

Having your site compromised like this could also affect your email, since the site is usually taken over to send junk mail using your addresses.

We can offer you a support service for your WordPress site. We would get logins for the site and ensure that the site stays up to date and as secure as possible. If anything does happen, we will clean and restore the site.

On a side note
Our Plone sites have never been hacked like this. Plone has very strict security protections, does not have plugins that can touch the code in any way, and receives security updates on a specific schedule. We typically apply those security patches within a few hours of their release. Contact us for more information on how Plone can work for you.

