Who would want to hack MY site?

by Tom Davis

Website Maintenance Via the School of Hard Knocks

You know it is bad when even the mainstream business press is bringing it up.

"Wordpress Under Attack: How to Avoid The Coming Botnet"

We commonly raise the need for website maintenance with clients and prospects alike, usually to deaf ears. Most people unfamiliar with managing a website are not aware that every website is constantly under attack by software robots (bots) designed to exploit weaknesses in various site structures. Once someone is aware of this threat, the next stage of denial is voiced as: "My site is just a little site, who would care?" It is not you they want; it is your domain or host as a staging point. The goal is either to spread malware to your visitors or simply to use your site to stage other malicious activities.

Early on, the easiest exploit was SQL injection. Because many site builders did not properly secure how they handled URLs on their site, it was possible for an attacker to cause an error that gave them access to your site. It was not so simple that anyone could do it, but there are armies of capable programmers throughout the world who can pull this off. And they still keep trying - I see the attempts in my site logs every day.
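To see such attempts in your own logs, here is a small scanner, added as an illustration and not taken from the original article. It assumes the common/combined access log format used by Apache and Nginx; the sample lines, paths and patterns are constructed, and the patterns are heuristics rather than a complete rule set.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Common/combined log format: client IP, method, request target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Heuristic markers of SQL injection probes; illustrative, not exhaustive.
SQLI_RE = re.compile(r"""
      \bunion\b.{0,40}\bselect\b                 # UNION-based probing
    | \bor\b\s+['"]?\w+['"]?\s*=\s*['"]?\w+      # tautology such as OR 1=1
    | \b(?:sleep|benchmark)\s*\(                 # time-based probing
    | information_schema                         # schema enumeration
    | ['"]\s*(?:--|\#|;)                         # quote then comment/terminator
    """, re.IGNORECASE | re.VERBOSE)

# Constructed sample lines (documentation-range IPs, hypothetical paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:06:25:14 +0000] "GET /index.php?page=about HTTP/1.1" 200 5120',
    '198.51.100.23 - - [01/Jan/2024:06:25:19 +0000] "GET /product.php?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 312',
    '198.51.100.23 - - [01/Jan/2024:06:25:20 +0000] "GET /product.php?id=-1+UNION+SELECT+1,2,3--+ HTTP/1.1" 200 4821',
    '192.0.2.44 - - [01/Jan/2024:06:26:02 +0000] "GET /search.php?q=union+square+hotels HTTP/1.1" 200 7733',
    '192.0.2.44 - - [01/Jan/2024:06:26:40 +0000] "GET /item.php?id=5%2527%2520AND%2520SLEEP(5)--%2520- HTTP/1.1" 200 4821',
]

def decoded_query(target):
    """Return the query string with up to two layers of URL encoding removed."""
    query = urlsplit(target).query
    for _ in range(2):  # bots often double-encode to slip past naive filters
        query = unquote_plus(query)
    return query

def scan(lines):
    """Return {client_ip: [(status, decoded_query), ...]} for suspicious requests."""
    hits = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        ip, _method, target, status = m.groups()
        query = decoded_query(target)
        if SQLI_RE.search(query):
            hits.setdefault(ip, []).append((int(status), query))
    return hits

if __name__ == "__main__":
    for ip, found in scan(SAMPLE_LOG).items():
        for status, query in found:
            print(f"{ip} status={status} query={query!r}")
```

A flagged request that returned a 500 is worth reviewing first, since it means the input reached code that failed on it; the harmless "union square" search is left alone.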

Why WordPress (and other CMSs) need constant attention.

Now that most websites are being built around core systems like WordPress, it is possible for malicious bots to look for specific types of sites and attack them with known successful exploits. The sheer number of unmaintained WordPress sites makes this easy. In terms of market share, WordPress has the largest number of sites using its system. This success is partly due to how easy it is to set up and use. The problem comes when large numbers of these sites are not updated or are abandoned. Old software makes for easy break-ins.

Why don't people update? Most of the time updates proceed smoothly, but eventually most site owners have probably broken their site by updating a plugin that changed enough to conflict with a theme that did not. (Or any of the other ways that sites break.) Also, the more your site has been customized, the more likely it is that updating software will break your site.

The lesson here is that you have to think about how your site is going to be maintained over time.