Recently, a formerly trusted plugin was found to be a gateway for SPAM to get into 1,000,000+ websites. The plugin was called “Social Media Widget”.
It provided a simple enough function. It allowed users to easily add links to their social media accounts. Something like the picture below.
If that were all the plugin did, it would have been fine. But when v4.0 of this particular plugin was released, it contained some undesired code which allowed SPAM to infect many websites.
Once we saw this in Google+, we immediately went to our website management console and found that we had 4 websites using that plugin. We use a WordPress management console called InfiniteWP. It’s a great tool that I’ll post a video about in the future.
InfiniteWP allowed us to search through dozens of websites and bulk deactivate and delete the offending plugin, and within minutes our websites were secured and the SPAM vulnerability was mitigated.
We pride ourselves on the safety and security of the websites we manage for our clients. Among the many measures we take to ensure your business website’s security are the following:
- We use strong unique passwords for each website and database.
- We use only managed WordPress web hosts (ones that specialize in WordPress and take security measures seriously).
- We use several security plugins on each website to combat many basic and advanced website attacks.
- We make regular automatic offsite backups.
- We keep all plugins, themes, and WordPress core updated regularly.
- Our highest traffic sites are encrypted with SSL security for logins and all administrative tasks.
If you are a client of ours, be assured that we value our relationship with you and we spend hours each month maintaining the security of your website.
For others reading this article, how do you manage the security of your WordPress website? We’d love to know in the comments.