Well-known local hosting company Afrihost recently suffered a wave of hacking attacks that affected 83 domains hosted on their servers. Most, if not all, of the hacked sites were built with WordPress.

This highlights the fact that while WordPress is a hugely popular and successful website creation platform, it does require an extra level of vigilance to keep it secure.

It seems as if the main entry point for the Afrihost hack was through outdated plugins on the affected sites. Afrihost, like many other hosting companies, sets its WordPress installations to upgrade automatically. However, this only affects the WordPress core – it doesn’t affect plugins and the theme itself. In the Afrihost situation, the compromised sites apparently had on average over five updates available for plugins and themes.

This serves as a powerful reminder that it’s not enough just to rely on automatic WordPress updates. If your site isn’t on a fully managed hosting service, you have to periodically log into your site’s Dashboard and update your plugins and themes yourself.

In our own experience at WebRabbit, we have seen this kind of website hack happening on other hosts as well, and it usually comes down to the same issue – out-of-date plugins and themes.

Is your website safe?

If your site is hosted through WebRabbit, we provide a managed service that takes care of the updating of both the WordPress core and your plugins and themes*. (*This is not to say that all hacking routes are cut off – it’s just that some of the usual entry points for hacks are reduced.)

If your site is hosted with another company, make sure you understand what updates it is doing for you and what it isn’t. Generally the WordPress core will update automatically, but you need to make sure your plugins also get updated – either by your host or by yourself.

To see whether your site is up to date, just log into your Dashboard and look at the Updates section in the left-hand menu. In the example below, the site has one update that needs to be made. Just click on Updates and the relevant updates will be displayed.

(Screenshot: WordPress dashboard showing update notification)

Before updating any plugins and themes it’s a good idea to do a backup of your site. Once again, check whether your host is doing automatic backups, and if not, install a backup plugin that will create one for you.
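The same check as the Dashboard's Updates screen can be scripted for anyone looking after several sites. The following is an added example, not part of the original article or any host's tooling: it summarises the JSON that WP-CLI's `wp plugin list` and `wp theme list` commands produce, assuming a WP-CLI release that exposes the `update_version` and `auto_update` fields. The plugin and theme names and versions are constructed sample data.

```python
import json
import subprocess

FIELDS = "name,status,update,version,update_version,auto_update"

def wp_list(kind, wp_path):
    """Run `wp plugin list` / `wp theme list` (needs WP-CLI on the host)."""
    cmd = ["wp", kind, "list", "--format=json",
           f"--fields={FIELDS}", f"--path={wp_path}"]
    done = subprocess.run(cmd, check=True, capture_output=True, text=True)
    return json.loads(done.stdout)

def pending(items):
    """Entries WP-CLI reports with an update available."""
    return [i for i in items if i.get("update") == "available"]

def audit(plugins, themes):
    """Summarise what core-only auto-updates leave unpatched on one site."""
    todo = ([("plugin", p) for p in pending(plugins)]
            + [("theme", t) for t in pending(themes)])
    return {
        "pending": len(todo),
        # A missing auto_update field is treated as "must be updated by hand".
        "manual_only": [i["name"] for _, i in todo
                        if i.get("auto_update") != "on"],
        # Deactivated items are still installed, so they are listed separately.
        "inactive": [i["name"] for _, i in todo
                     if i.get("status") == "inactive"],
        "lines": [f'{k} {i["name"]}: {i["version"]} -> '
                  f'{i.get("update_version") or "?"}' for k, i in todo],
    }

# Constructed sample data in the shape of WP-CLI's JSON output (not real sites).
SAMPLE_PLUGINS = [
    {"name": "example-forms", "status": "active", "update": "available",
     "version": "1.2.0", "update_version": "1.4.1", "auto_update": "off"},
    {"name": "example-slider", "status": "inactive", "update": "available",
     "version": "3.0.0", "update_version": "3.2.0", "auto_update": "off"},
    {"name": "example-cache", "status": "active", "update": "none",
     "version": "2.1.0", "update_version": "", "auto_update": "on"},
    {"name": "example-seo", "status": "active", "update": "available",
     "version": "5.0", "update_version": "5.1", "auto_update": "on"},
]
SAMPLE_THEMES = [
    {"name": "example-theme", "status": "active", "update": "available",
     "version": "1.0", "update_version": "1.3", "auto_update": "off"},
]

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_PLUGINS, SAMPLE_THEMES), indent=2))
```

On a real host, replace the sample lists with `wp_list("plugin", path)` and `wp_list("theme", path)`, where `path` is the site's WordPress directory.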