Are You Leaving Your WordPress Website Vulnerable to Attack?


Do you have a WordPress website? If you do, you’re in good company. WordPress sites actually make up 14.7% of the Top 100 Websites in the world including TED, NBC, CNN, TechCrunch, People Magazine, the NFL, Best Buy, CBS Radio, and UPS to name just a few. In fact, according to a study published by whoishostingthis.com, 35% of the entire internet is powered by WordPress and according to W3techs, WordPress has 61.8% of the Content Management System (CMS) market share – more than all other systems combined. Not only that, but WordPress is STILL growing!

The question is, do you really need to update WordPress EVERY TIME there is a new update? Actually, yes – there can be huge costs to ignoring those update notifications on WordPress. You have to be proactive and make sure your WordPress site is updated regularly. There are several reasons why.

Why Keeping Your WordPress Site Updated Is So Important:

1. Security


Since WordPress is open-source, anyone can study the source code to learn from it and improve it. This is great and is the reason why WordPress has so many amazing free plugins. But this also means hackers can study the source as well and find ways to compromise WordPress websites. Updating to the latest version of WordPress removes vulnerabilities that may have been present in previous versions. This prevents hackers from using those vulnerabilities to insert malicious code.

How do you know your website has been hacked?

Sometimes it is subtle: your email list grows ten-fold overnight, or your website resources are suddenly working at full capacity even though you normally do not have that much traffic. You may find plugins that you never installed, or new users/administrators in your WordPress. Here are some more obvious examples of website hacks:

Your password has been changed without your knowledge:

[Image: WordPress login screen]

Your WordPress database cannot be found:

[Image: database error message]

You get a redirect notice when going to your website:

[Image: redirect message]

When googling your website, you receive this warning:

[Image: Google "website may be hacked" message]

You receive this warning when visiting your website (if you don’t have an SSL certificate and your site is not secure, this can be the issue. Read our blog post on Security Warnings for more information on this):

[Image: "site may contain harmful programs" message]

Your website has been defaced (here are some examples of what that could look like):

[Images: Vogue website defaced; Utah Office of Tourism website defaced; Angry Birds website defaced]

So, the saying “If it ain’t broke, don’t fix it” simply doesn’t apply to WordPress sites.
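The subtle signs above (administrators you never created, plugins you never installed) can be checked against a known-good inventory. This is an added example, not part of the original post: the baseline, user names and plugin names are constructed, and the JSON is assumed to have the shape printed by WP-CLI's `wp user list --format=json` and `wp plugin list --format=json`.

```python
import json

# Constructed sample data. BASELINE is the inventory recorded while the site
# was known-good; the JSON strings are assumed to match WP-CLI's output shape.
BASELINE = {"admins": {"alice"}, "plugins": {"akismet", "contact-form-7"}}

USERS_JSON = """[
 {"ID": 1, "user_login": "alice", "user_registered": "2019-03-02 10:00:00", "roles": "administrator"},
 {"ID": 7, "user_login": "bob", "user_registered": "2020-01-15 09:30:00", "roles": "editor"},
 {"ID": 9, "user_login": "wp_support", "user_registered": "2020-06-01 03:12:44", "roles": "administrator"}
]"""

PLUGINS_JSON = """[
 {"name": "akismet", "status": "active", "update": "available", "version": "4.1.5"},
 {"name": "contact-form-7", "status": "active", "update": "none", "version": "5.1.9"},
 {"name": "wp-cache-helper", "status": "active", "update": "none", "version": "1.0"}
]"""


def audit(baseline, users_json, plugins_json):
    """Compare the current users and plugins with the baseline inventory."""
    findings = []
    for user in json.loads(users_json):
        # A user can hold several roles; they arrive as a comma-separated string.
        roles = {r.strip() for r in user["roles"].split(",")}
        if "administrator" in roles and user["user_login"] not in baseline["admins"]:
            findings.append(("unexpected_admin", user["user_login"], user["user_registered"]))

    seen = set()
    for plugin in json.loads(plugins_json):
        seen.add(plugin["name"])
        if plugin["name"] not in baseline["plugins"]:
            findings.append(("unexpected_plugin", plugin["name"], plugin["status"]))
        elif plugin["update"] == "available":
            findings.append(("update_pending", plugin["name"], plugin["version"]))

    # A plugin that silently disappeared (for example a security plugin) is also drift.
    for name in sorted(baseline["plugins"] - seen):
        findings.append(("missing_plugin", name, "not installed"))
    return findings


if __name__ == "__main__":
    for kind, name, detail in audit(BASELINE, USERS_JSON, PLUGINS_JSON):
        print(f"{kind:18} {name:18} {detail}")
```

Update the baseline only after you have confirmed a change was made by you or your developer.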

2. Bug Fixes


Despite the rigorous testing before updates are released, sometimes bugs may slip through the cracks. Bugs are errors in a computer program or system that make it behave in a way that the developer didn’t intend it to. Bugs can cause weird glitches or even make things crash. To make sure your website keeps running smoothly, it’s essential to implement these fixes, and with each WordPress update, bugs are addressed and fixed.

3. Performance and Features


WordPress is continually being improved. Each new release and update contains new features and performance improvements that allow your website to function better, with greater performance and speed. Better performance means better SEO, so you want to make sure your site is up to date to take advantage of the best possible organic SEO ratings Google has to offer.

4. Plugins and Theme Updates


Don’t forget to update those plugins and themes as well! The WordPress core installation is not the only thing that can be exploited – don’t ignore your plugins and WordPress theme. Plugin and theme developers may coordinate their updates with major WordPress update releases to ensure they are taking advantage of new WordPress features. If you are not updating your plugins and theme when an update is available, you could be limiting the functionality of your site or even leaving your site vulnerable to security risks.


Now that you know that it is important to keep your site updated (and why), how in the world do you update your site?

Minor releases that include security and bug fixes are sometimes installed automatically, which is awesome! However, you will need to log in to your WordPress dashboard regularly to see when major WordPress updates, PHP updates, and plugin updates are available.

If you haven’t updated your website in a while, the process could take some time and there could be issues that need your attention. This is great if you have WordPress knowledge – kudos to you; however, we highly caution you if you aren’t certain, as you can break things. If you run into this issue, contact us, we can help.

Pro Tip: In some cases, an update to these plugins or themes can actually break your existing WordPress plugins. This happens when plugins aren’t compatible with your version of WordPress. It is important to keep regular WordPress backups and, after updating, to check that all your plugins work and that your site is running (and looking) the way it should.


Feeling Overwhelmed? Don’t have the time to Regularly Maintain your Website?

We can help you with that. Check out some information about our maintenance plans here; we can take the guesswork out of maintaining your website.

TrevNet Maintenance Plans

It is key to remember that just like in car ownership, a website needs maintenance, and maintenance is always cheaper than repair. That is why there are mechanics to help with that maintenance and repair! Let us help you with your website maintenance. We have plans that take the stress out of remembering when and how to update your website so you can focus on what your specialty is – running your business. Our area of expertise is development and we know websites!

Review information about our most popular maintenance plans here, and if you need a custom solution for your business, contact us – we would be happy to talk with you.

Help! Facebook Spam Messages

Wow, that many people have viewed my profile on Google? Or wait…is it YouTube?

If you have received a private message on Facebook from a friend (and it could be a friend you trust!) with a video that says you’ve received an outrageous amount of views on Google or YouTube (or any other site) with your name on it, they all have one thing in common:

These messages are bogus

I have received several of these in the last few months; here is what they look like:

Look, ma, I’m famous! 595,902 views!! Or…not. This is just a clever phishing scam to get you to click on the link. It’s pretty enticing, right? DON’T DO IT!

What Happens When You Click On The Link:

The message is a scam. There is no video. If you click the link, you will be taken to a fake website designed to look like a Facebook login page.

“What is the harm in that?” you ask. This fake page asks you to log into Facebook again. It looks identical to Facebook, but it isn’t Facebook. If you log in through this page, the scammers steal your information and hijack your Facebook page. After they do this, they start sending private messages to your entire friend list like the one I’ve shown you in the picture above, with the same link you received. Once they have access to your Facebook page, they can post, send and link apps on your behalf.

Criminals can also use this or similar schemes to trick people into downloading malware or installing other apps and malicious browser plugins.

What Do I Do If My Account Has Been Compromised?

Try to secure your account as quickly as possible. The first step is to change your password. Go through all your security settings. It is quick and easy.

Secondary to that, go through your messages and let your friends know (those who were messaged) not to click on the link.

Facebook has some great help links; it is a good idea to see if anything else has been compromised. Most likely an app has been authorized and needs to be removed from your account.

If you think your account or your friend’s account has been hacked, you can read more about that on Facebook’s help center here.

Are you sick of spam? We’re reducing email spam now!

This week we are rolling out some new updates to our mail server which will help reduce the amount of spam being received by our customers. We’ve recently noticed an increase in spam over the last few months and decided to take action. This update will include a new settings panel in cPanel called “MailScanner Configuration”; here you can fine-tune how you want to handle a message when it is detected as possible spam. We went ahead and configured this for you and you should already be seeing a reduction in the amount of spam received.

You may start to see some emails come in that start with {spam?} or {Disarmed} but this is just the new spam blocking system working. You can delete these emails if they are spam or treat them as you would a normal message. If you have any specific questions or would like us to make some changes to your account, please contact us or open a support ticket.

We are always striving to improve the quality of service at TrevNet Media – and no one hates spam email as much as we do!

Heartbleed Vulnerability Update

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows information to be stolen that is protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

Services at TrevNet Media

We have been asked multiple times over the last week about our hosting infrastructure, your data, and our managed hosting servers. All of our affected servers have been updated and the security hole has been patched. Due to the nature of this security bug, it’s not possible for us (or anyone else affected) to tell you if your passwords may have been compromised since no data is logged. We can, however, assure you that all of our managed servers running OpenSSL have been updated since April 9th.

Heartbleed Explained

The problem affects a piece of software called OpenSSL, which is used for security on popular web servers. With OpenSSL, websites can provide encrypted information to visitors, so the data transferred (including usernames, passwords, and cookies) cannot be seen by others while it goes from your computer to the website.

Heartbleed exploits a built-in feature of OpenSSL called heartbeat. When your computer accesses a website, the website will respond back to let your computer know that it is active and listening for your requests: this is the heartbeat.

Check out this article to read more about how it works.

[Image: Heartbleed explanation comic] Source: http://xkcd.com/1354/
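The heartbeat exchange described above carries a length field, and the receiver has to check that field against the bytes that actually arrived before echoing anything back. This is an added example, not code from the original post or from OpenSSL: a minimal receiver-side parser for the heartbeat message layout in RFC 6520 (1-byte type, 2-byte payload length, payload, at least 16 bytes of padding), with constructed sample messages and hypothetical function names.

```python
import os
import struct

HB_REQUEST, HB_RESPONSE = 1, 2
HEADER_LEN = 3       # 1-byte type + 2-byte payload_length
MIN_PADDING = 16     # RFC 6520 requires at least 16 bytes of padding


def build_heartbeat(msg_type, payload):
    """Serialize a heartbeat message with random padding."""
    header = struct.pack("!BH", msg_type, len(payload))
    return header + payload + os.urandom(MIN_PADDING)


def parse_heartbeat(record):
    """Return (type, payload), or None if the message must be silently discarded."""
    if len(record) < HEADER_LEN + MIN_PADDING:
        return None
    msg_type, claimed_len = struct.unpack("!BH", record[:HEADER_LEN])
    if msg_type not in (HB_REQUEST, HB_RESPONSE):
        return None
    # The essential check: the claimed payload length, plus header and padding,
    # must fit inside the bytes that were actually received.
    if HEADER_LEN + claimed_len + MIN_PADDING > len(record):
        return None
    return msg_type, record[HEADER_LEN:HEADER_LEN + claimed_len]


def respond(record):
    """Echo the payload of a valid request; return None for anything else."""
    parsed = parse_heartbeat(record)
    if parsed is None or parsed[0] != HB_REQUEST:
        return None
    return build_heartbeat(HB_RESPONSE, parsed[1])


# Constructed samples: an honest request, and one whose length field (500)
# claims far more payload than the 4 bytes it carries.
HONEST = build_heartbeat(HB_REQUEST, b"bird")
MISMATCHED = struct.pack("!BH", HB_REQUEST, 500) + b"bird" + bytes(MIN_PADDING)

if __name__ == "__main__":
    print("honest     ->", parse_heartbeat(respond(HONEST)))
    print("mismatched ->", respond(MISMATCHED))
```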

What you should do

If you want to be on the safe side, we would recommend that you reset your passwords on any accounts you have with our services where you connect with SSL. While we don’t know if any data was stolen while any of our systems were vulnerable, it’s a possibility.

Over 60% of the internet was affected by this bug; this includes many popular sites you most likely use, or have used. Check out this list to get up to date. It includes websites like Facebook, LinkedIn, Google, GoDaddy, Netflix, Hulu, and more.

Inspiring Work Spaces


This past week we had a contest across multiple social media channels asking people to submit pictures of their offices, work spaces, or simply the view from their perspective while working. In turn, the prize for the most “liked” picture would be an amazing custom designed TrevNet T-shirt.

We had some great responses from Twitter, Facebook and Instagram. Not only did we see pictures of your average indoor offices but we saw perspectives from military personnel, work-from-home professionals and some pretty creative perspective shots.

We are glad the winner wasn’t left up to us because it would have been hard to choose the best one. To give you an idea what amazing entries we had, check out all the submissions below:

Looking at all these offices got us thinking. You all need to decorate! Inspiration is hard to find so we figured we would help you out with some inspiration. Here are some great office spaces we found that would make anyone want to redesign:

And the Winner Is:

After a week of submissions, and 7 days of waiting (wait, a week is 7 days, right?)…the picture with the most likes, shares, comments (and views, but really – likes are the only thing that count here) is – drum roll please – Justin Willemsen!! Justin’s photo was posted to Facebook so, Justin, we will be contacting you via FB to get your information and send you your prize. Check out Justin’s amazing photo below; what an awesome shot. You got skillz, son.

[Image: Justin’s photo]

And just because we are feeling super generous…

The picture with the second most likes will also be getting a prize! At a very close second, The Cupertino Soap Company posted their work space view on Instagram and received quite a few likes. Check out how creative they got:

[Image: The Cupertino Soap Company’s work space]

Thank you to everyone who sent us their photos, it was awesome to see how everyone works, what inspires people and just how different everyone’s work environments are.

What does your ideal work space look like? It’s not too late to send us a photo or drop us a comment. Keep an eye out for our next freebie; what would you like to see next?