Another Security Breach in the World of WordPress

wp_security_141210275505_640x360According to Search Engine Journal, see it HERE, over 100,000 WordPress sites have been infected due to a Russian malware attack called SoakSoak. Now, to be fair, this isn’t an attack on the WordPress site itself, rather a plugin for the site called RevSlider that is used in many of the WordPress themes. But you already know enough not to use plugins – right? Unfortunately, this plugin is buried so deep in some of the most popular WordPress templates, users wouldn’t know they are using them.
The not-so-much-talked-about issue is that over 11,000 of these sites have been blacklisted by Google already. So what does this mean for Search Engine Optimization (SEO)?

In a previous post, we had discussed the security vulnerabilities in plug-in based template sites and the latest malware attack is a perfect example. The problem: many of these plug-ins are not easy to update and leaves not just the plug-in but the whole website in jeopardy. Each plug-in (and there are literally hundreds) can be developed by a different business or individual who is responsible for monitoring security threats and creating fixes. If your website “solution” relies on 4 different plugins (not uncommon) that translates into a lot of potential issues with many different hands touching a site. Most of which support and provide these plug-ins,
for free, raising the issue of how “motivated” are the developers to stay current with vulnerabilities.

We all know the importance of having a good business website and ranking high on search engines, Google specifically. Over the past few years, WordPress has been used to create quick, fast business sites. But what happens if one of the hundreds of different plug-ins from a hundred different companies are affected by a security flaw and your site suddenly disappears from the search rankings? From experience, getting a site back up in the search rankings is not as simple doing an update and suddenly you are back to #1 or #2. It takes time for Google to re-index and confirm that you are indeed, a clean site.

Imagine that you are a small consulting firm, using your website as a way to generate leads. You are currently ranked #2 on Google using your WordPress site. So far, things are going well. You are generating 2-3 conversions per week and business is growing. Suddenly, a malware attack strikes and your website can’t be found on the first 10+ pages of Google search. Now, you have to spend precious time and resources researching the problem, fixing the problem, and waiting for Google to “OK” your site again. Two weeks have passed and you may have potentially missed out on 6 new clients and this is ONLY if you can gain back your #2 spot.

In this day and age, security is important! As a business owner, your website is your image and your brand. It would be devastating for your business to close your store for 2 weeks because someone boarded up the door and you have to figure out a different way to let your customers in! Making sure to have a secure, well-coded website is a smart business investment and although it isn’t a 100% guarantee that a security issue won’t happen, you are 100% guaranteed that your website will have a secure foundation from the beginning. And if the worse should happen, a good development team will get your site fixed as soon as possible and it will be back to business as usual.

In summary – we leave leave you with this question, “Who’s backing your site?”
If you’re not enthused about maintaining 8 moving pieces of your website, from eight different developers, most likely from 8 corners of the world – you may ready for a new experience in web design. We encourage you to give JB Systems a call – our custom website brainstorming sessions are free – as is a great cup of coffee.