Category Archives: Website Security

WordPress Websites are great for site owners but also for Hackers

Most of the websites we have built today are WordPress. The reason for this is because of the content management system that allows the website owner to go in and make changes to their website at any given time. That is such a big plus because it is a very stable WSIWYG editor which is why so many clients love it. There are other great pluses about it including that it is an open source platform which allows for developers to create plug-ins that can enhance what the website can do.

Now that is the plus, the minus is that hackers target word press websites because they are open source and they do have weaknesses that need to be addressed otherwise the website can be hacked.

In most cases I have found that web developers do not put those extra layers of security to help prevent these break-ins. This is something that I set up for every one of my customers and then also recommend that they set up the Sucuri Security malware monitoring service to let you know if your website has been hacked and they will fix it at no additional charge. Because of this I have had several website owners that I did not build their website for have us upgrade their security to help prevent hacking.

New Service Being Offered – Website Monitoring to Stop Hackers

Website Security

Just wanted to let everyone know that we have just started working with a company that will monitor your website to help prevent hacks. Not only do they monitor and they will fix your website at no additional cost, it is well worth it and we believe in it so much that we are doing it on all of our current websites. Plus they also have a backup service so you always have a fresh copy of your website. Click here for details.

Critical Vulnerability Disclosed on WordPress Custom Contact Forms Plugin

If you’re a using the Custom Contact Forms WordPress plugin, you need to update it right away.

During a routine audit for our WAF, it was found that a critical vulnerability that allows an attacker to download and modify your database remotely (no authentication required).

The vulnerability was disclosed to the plugin developer a few weeks ago, they were unresponsive. The developers were unresponsive so we engaged the WordPress Security team. They were able to close the loops with the developer and get a patch released, you might have missed it.

Protect yourself

This vulnerability is categorized as Critical. You need to update the Custom Contact Forms now, to its latest version asap.  If you have a WordPress website and have been infected, please contact us to assist with the issue.

Reference of security issue from Sucuri Security