Protection from Hackers and Immunity From Cyber Attacks

WP_Upgrade

Why update WordPress, plugins, and themes?

The answer is simple

  • Increase security – repairs security breaches, updates to combat newest generation of hacker technology
  • Fix bugs – install patches to lessen vulnerable and install solutions since software was released
  • Add features and functionality as technology increases. Web apps such as WordPress are software, so you need to update them just like you update your operating system (Windows or Mac OS), applications, smartphone apps, etc.

Why update WordPress, plugins, and themes?

Increase security – Updates to WordPress core, plugins, and themes often increase security by patching vulnerabilities and strengthening against attacks. To reduce the risk of your site being hacked or compromised in some other way, update! When any expert talks about WordPress security, one of the first things they mention is to install updates.

Hackers and other malicious parties watch the release notes. As soon as they learn of a vulnerability,

hacked

they start exploiting it. So, you need to update as soon as possible to reduce the time that your site is vulnerable.

Fix bugs – Updates to WordPress core, plugins, and themes often fix bugs that were discovered in previous versions. To get the fixed version, update!

Add features and functionality – Updates to WordPress core, plugins, and themes often add new features and functionality. To take advantage of them, update!

Web Hacking: A Real Yet Underestimated Threat

Web hacking is a real threat these days. At the level of our clients, its not so much a matter of stealing your data, but more so the threat is more along the lines of ‘digital vandalism’ which can shut down your site. Quite common is a Distributed Denial of Service (DDOS) attack, which is basically an automated bot generated attempt to submit large volumes of forms. The result is to overwhelm the server, which not only consumes and occupies server resources, but ultimately reduces site availability for legitimate users. This will trigger your ISP to disable and shut down your site.

The threat is real, and unless you are prepared, its is only a matter of time till you are invaded. There is no 100% absolute solution to cyber attacks. As prevention devices become more secure and elaborate, so does the technology to defeat and penetrate them. The measures described below proved to be 98% effective to stop an attack on a local ECommerce website.

Nature of the Problem

We were alerted to the problem by the ISP who advised there were an exceptionally high number of attempts to submit user forms on the website.- over 28,000 robotically generated forms were submitted in a week – over 4,000 per day! We determined the problem was a Distributed Denial of Service (DDOS) attack, which is basically an automated bot generated attempt to submit large volumes of forms. The result is to overwhelm the server, which not only consumes and occupies server resources, but ultimately reduces site availability for legitimate users.

Preventative measures instituted

  • Update, install and activate WordPress updates as new versions are released. (usually 3-4 times a year)

  • Update, install, activate and test all plug-ins and widgets to the most current versions as new versions are released. (monthly is not uncommon)

  • Permanently delete any plugins and themes that were not currently activated

  • Install, set up and activated CAPTCHA plug-in on all forms which prevents automatic submission of forms by robots.

  • Install, set up and activate Caching plug-in which will will not only supercharge the site for speed, but more important will make it more difficult for hacker to access cookies
    and site information.

  • Install, activate software limit the number of login attempts, thus render it impossible for a hacker or Bot to systematically crack passwords.

  • Scheduled monitoring and deletion of unsolicited site comments and robotic signups.

Effectiveness of preventative measures

One week after preventative measures were taken, there were only 36 forms submitted. This represents a decrease of 98% which would indicate the preventative measures have successfully contained the problem.