Foundations First Marketing (and many of our clients) rely on WP Engine, a WordPress hosting service, to make sure this website and our clients’ website projects are stable and secure. When news broke that a vulnerability in some WordPress sites had led to the defacement of some 1.5 million web pages across 39,000 unique domains, we knew we and our clients could rest easy.
WordPress closed the vulnerability weeks ago, with the 4.7.2 update on January 26. The defacements didn’t begin until over a week later, after the fix was disclosed on February 1, and increased exponentially in volume over the course of a few days. Hackers targeted sites that were still using WordPress 4.7.0 or 4.7.1.
Automatic updates protect websites
Websites hosted by WP Engine, though, were safe. Some sites had chosen to opt out of automatic WordPress updates, but WP Engine updates all its sites with a new WordPress version as soon as it is released.
Web security company Sucuri made WordPress aware of the vulnerability last month. By working with WordPress hosts and Web Application Firewalls, WordPress security experts determined that the bug had never been exploited by outside actors.
WordPress is by far the internet’s most popular CMS, powering 27 percent of websites, the company says. Even though this makes WordPress technology a big target for attacks, it also means an army of professional “white hat” hackers is hard at work on identifying vulnerabilities before they are exploited.
Security beyond basic WordPress
To add more layers of security, WP Engine augments its platform with extra security features, including:
- Malware scans
- Daily backups
- Real-time threat detection
Proactive protection against security threats is one reason we choose WP Engine.
While vandalism campaigns are usually reversible and involve hackers who are simply seeking to make a name for themselves, there have also been attempts to exploit the latest vulnerability to execute malicious commands on certain WordPress sites, Sucuri warns.
Our clients want the peace of mind that their websites are safe from security threats. Website vandalism can be embarrassing, and makes users call into question whether their personal information is safe with the site owner. More malicious attacks are potentially catastrophic for a web business.
We’re glad WP Engine has our clients’ backs.