Recently one of our clients had their websites hacked. This was a very stressful experience for everyone involved. As part of our website development process, we load a software on our client websites to alert us if a suspicious file has been identified, however this infection was already widespread before we had time to react.
We moved quickly to find the infected files and remove them, however once we got that site cleaned up, the infection had hopped to another site hosted in the same directory. We cleaned up the second site and then, to our amazement, discovered that a third site had been affected before we were finally able to put a stop to it. Thankfully we then stopped the spread before any of their other 4 websites were infected.
Once we had the infection under control, we brought in our security experts to do a thorough clean of all the files, find the infection source, and remove any “backdoors” that may have been installed. The final piece of our clean-up was changing all user passwords, notifying Google that the site was clean, and having all users run scans to ensure that no malware remained on their computers that could cause future infections.
The culprit in these security breaches is often as simple as your website requiring a theme or plugin update. The damage, however, can be catastrophic. Besides having your website down with a big red screen saying “SITE INFECTION” – a major turn off to your clients, if your core website files are ruined during an infection – you can potentially lose your entire website. This is why having a website backup is so important! Another major issue is that Google doesn’t like infected websites, which can have a major impact on your SEO. Finally, of course, is the issue of cost associated with a website infection. There are costs for cleaning the infected files, hiring security experts, re-building your website should core elements be lost, and of course the opportunity cost of any lost business while your website is down, all of which can quickly and easily lead to having to spend thousands of dollars or more to get back on track.
Malware developers are constantly trying to find ways to infiltrate people’s websites…so plugin and theme developers are constantly working on improving their products in order to keep them out. This is why it’s so important to install website updates from the plugin and/or theme developers, especially anything security-related, as soon as possible.
We take website security very seriously and we continue to take additional precautions internally to do our utmost to protect the security of our client’s websites. While we cannot guarantee that a website hack won’t happen to you, we can offer solutions to minimize risk.