Have you ever had your Facebook account hacked? That feeling of horror when you see posts that you know you didn’t create, or recommendations for porn sites even though you’ve never visited them? The aftermath is filled with mad scrambling as you try to repair the damage, change passwords, delete false posts, and hope that your friends know you well enough to know that such posts are out of character for you.
But now, imagine the same thing, only instead of being limited to a single social media site like Facebook, it’s out there on a publicly accessible WordPress blog. Here you are, blogging regularly, trying to build a decent online reputation, and some nimrod has hacked your blog and is issuing commands to your server. And the sad thing is, it’s the result of vulnerabilities in two WordPress plug-ins.
According to this article, two WordPress caching plug-ins, WP Super Cache and W3TC, have vulnerabilities that can be exploited by hackers. If you have comments enabled, the flaws in these plug-ins can give a hacker the ability to issue commands to your server. The issue was discovered by a user back in mid-March.
With remote access to your server, a hacker can wreak havoc on your WordPress pages, ruining your visitors’ experiences, and leaving you holding the bag. After all, to the great masses out there, your site or your blog are the things which define you, introducing people to who and what you are. If your pages are compromised, the unfavorable impressions will harm your reputation. If you have a business, this can be catastrophic.
So your ship has hit an iceberg and you’ve got water coming in. Okay, first of all, let’s get that hole plugged up. There are updated versions of WP Super Cache and W3TC. If you still want to use plug-ins, get the new versions, which correct the problem and prevent further damage.
Now that the hull is repaired, time to reassure the passengers. Post an announcement that there’s been a security problem, but it’s being corrected. This way, if they’ve encountered flaky stuff, they know it’s not your doing.
With the damage repaired and the passengers calm, it’s time to pump out the flood. In this case, the analog is removing harmful content and code that hackers may have placed via remote commands.
Communication Is Key
Most people realize that hackers are an unfortunate fact of life in the online world. Additionally, most people are accepting of a bad situation if they’re kept informed about what’s happening, as opposed to being left in the dark to speculate what on Earth is going on. Let people know what’s happened; they’ll understand. You can emerge from an embarrassing incident like this with your reputation intact based on how you react to the problem, as opposed to the presence of the problem itself.
Sure, it may be embarrassing, depending on how badly your blog was compromised and how it affected your visitors, but if you handle the situation with grace, coolness under fire, and perhaps even a little humor, you may actually enhance your reputation!
May 23, 2013 at 5:36 am
Outdated WP plugins often pose serious security risks and this article is a perfectly good reminder of how important it is to keep everything up to date. Even the smallest hole can quickly turn into a disaster. Checked every plugin I’m using after reading this article. Thank you for the reminder, John.
May 23, 2013 at 1:35 pm
You’re welcome! It’s amazing (and a little scary) how some of the most innocuous things can make life difficult!
June 6, 2013 at 1:52 am
Thanks for the heads up! I just went and updated my W3TC plugin. Much appreciated!
June 6, 2013 at 3:09 am
You’re very welcome! Glad I could help!