I’m not sure what has been going on this week, but it would seem that a number of client sites have come under attack.
The first sign of any trouble is the end user suddenly has their email inbox flooded with hundreds and hundreds of “bounced” email messages. A mailbox hosted on a web server can very quickly fill up with these messages and effectively cripple the email send and receive functions. That’s usually when my phone rings – email isn’t working.
In reality, the actual problem (certainly in the cases I handled this week anyway) is that the WordPress website has been compromised in some way and is being used to mass email these initial spam messages.
And in all the cases I was involved in this week, that was exactly what I found. Upon inspection, there were some unusual files sitting in the WordPress installation. Once cleaned, the spamming problem stops, but the “bounce messages” of course keep arriving until the mail servers give up (sometimes 2 or 3 days later).
The host we use for our shared hosting does not hesitate to shut off both the web server and the mailbox that is behaving as a spam relay. So at this point our customer not only has no email, their website is offline too.
I do try to react as quickly as possible when this problem arises, but this week I saw four attacks like this in just two working days.
As always, prevention is much better than cure, and this emphasises the need for website owners to ensure that their WordPress (and other script-based) websites are kept up to date. This includes not just the core script, but any plugins and themes as well. Out-of-date WordPress installations are quite easy to discover and detect, and when found they are extremely vulnerable to a “drive by” hack.
Sadly, in the cases I handled this week none of the clients had any security care plans in place. These care plans are designed to proactively check, update and maintain WordPress sites, but they can be seen as expensive. They act very much like an insurance policy – something a small business might feel it cannot afford as a monthly financial commitment.
However, once a site is compromised and found to be a source of spamming, it is not just the suspension of the website and email services that proves to be a truly expensive loss; it is the reputational damage this can do to that small business. Loss of communications, reputation and opportunities all in one swoop is a loss that is very hard to measure.
- Make sure you have a security monitoring plugin installed and up to date
- Use Captcha on any WordPress admin pages, contact forms and commenting
- Use strong, complex passwords for user accounts
- Either make sure you are familiar enough with WordPress security to keep your WordPress site up to date yourself (checking every few days!)
- Or invest in a WordPress Care Plan and get a professional to do this for you.
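The inspection step above boils down to finding files that should not be there. The triage scan below is an added example (my own, not a plugin or any tool from this post) that walks a WordPress tree and flags PHP files in upload directories plus, outside the core folders, PHP files that send mail or hide their code; the directory names and the heuristics are assumptions based on common mailer scripts, and the sample site it scans is constructed in a temporary folder.

```python
import re
import tempfile
from pathlib import Path

# WordPress never ships PHP under these paths; any .php file here is suspect.
NO_PHP_DIRS = ("wp-content/uploads/", "wp-content/cache/")
# Core trees: content heuristics are skipped here (core legitimately calls mail());
# compare these against a clean download of the same version instead.
CORE_DIRS = ("wp-includes/", "wp-admin/")

# Heuristics (assumptions, not from the post): code a spam mailer typically needs.
SUSPECT = {
    "mail_call": re.compile(r"\b(mail|mb_send_mail)\s*\(", re.I),
    "obfuscation": re.compile(r"\b(base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "dynamic_eval": re.compile(r"\beval\s*\(", re.I),
}

def scan_file(path: Path) -> list:
    """Return the names of the heuristics that match one PHP file."""
    try:
        text = path.read_text(errors="replace")
    except OSError:
        return []
    return [name for name, rx in SUSPECT.items() if rx.search(text)]

def scan_wordpress(root: str) -> list:
    """Walk a WordPress install; return [(relative_path, [reasons])] sorted by path."""
    base = Path(root)
    findings = []
    for path in base.rglob("*.php"):
        rel = path.relative_to(base).as_posix()
        reasons = ["php_in_upload_dir"] if rel.startswith(NO_PHP_DIRS) else []
        if not rel.startswith(CORE_DIRS):
            reasons += scan_file(path)
        if reasons:
            findings.append((rel, reasons))
    return sorted(findings)

def demo() -> list:
    """Build a constructed sample tree (not a real site) and scan it."""
    root = Path(tempfile.mkdtemp())
    samples = {
        "wp-includes/pluggable.php": "<?php function wp_mail() { return mail($to, $s, $m); }",
        "wp-content/themes/x/functions.php": "<?php add_action('init', 'x_setup');",
        "wp-content/uploads/2024/05/img.php": "<?php foreach ($list as $t) mail($t, $s, $b);",
        "wp-content/plugins/z/z.php": "<?php eval(base64_decode($blob));",
    }
    for rel, body in samples.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(body)
    return scan_wordpress(str(root))

if __name__ == "__main__":
    for rel, reasons in demo():
        print(f"{rel}: {', '.join(reasons)}")
```

Run it against a real site root and review each hit by hand, with recent modification times as the first clue; a clean theme with no hits still needs checking against the vendor's copy.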
If you’d like me to rescue your WordPress site, bring it up to date, make it secure and put a Care Plan into place using the technology I use, then please make a point of contacting me.