Malware Hitting WordPress Websites

Not going to lie, but your WordPress website could already be compromised.

Those are the words that no business owner ever wants to hear.

But with the recent increase in cyber security incidents around the globe, it is not just workstations (your laptops and desktops) or servers that are being hit with malware. A whole lot of us often forget that our websites are also an entry point for cyber threats.

If you are on the economical side of things, you will probably also buy some email accounts from your website hosting provider. Simply because why not? They provide it, it is low cost, they promised some form of security, some storage, and the core feature is that your company is able to send and receive email on the cheap.

Now, don’t get me wrong, cheap is always good, that means you will have money for something else in the company, like a retreat, or a fancy night out for colleagues to celebrate the new clients that are onboard.

We here at CTARe always believe that the above mindset can have its adverse effects. Cyber security, be it in your company or your website, should start from day zero when the company is incorporated, and not on the day when your company has been breached by a cyber threat.

A cyber threat can stay hidden for as long as 8 months before it is discovered. That is IF your company’s cyber security team is even looking, or actively scanning for them.

Imagine if you do not even have IT personnel, then what?

The recent cyber threat is a keylogger. This is a program that is able to record what you type. This cyber threat is not something new; your workstation and server anti-virus should be able to detect and remove those… but only if they came through the workstation or server.

These attacks are now coming in from your WordPress website, and since we are seeing the number of complaints about these attacks on the rise, we can safely say that website security is quite the vulnerability that most businesses have right now.

So what allowed the cyber criminals the access to the compromised company websites?

Security researchers over at Sucuri found out that a malicious strain has been making its way around WordPress websites, and not only does it have a keylogger in it, this cyber threat also has a digital currency mining capability.

This threat can essentially use your website resources to mine for digital currency.

The first sighting of this strain was in April 2017, and it was updated in November 2017 with the keylogger ability, making this newer strain a little more difficult to remove for some WordPress websites.

Singapore Computer Emergency Response Team (SingCERT) has also issued an alert for WordPress website owners in Singapore.

How can you defend yourself against it?

First of all, be invested in your company’s defense by adopting a suitable cyber security posture.

  1. Having IT personnel is a great way to start. You may run a business, but you cannot be an expert in all aspects of your business.
  2. Ensure that backups for your servers, computers, and website are done.
  3. Also be sure to include an anti-virus solution for your servers and computers.

None of those in place? This is where outsourcing and delegating can help you out.

Outsourcing is no longer a dirty word, and if you are still opinionated with it, it is time for a new mindset. You want to run a business, not run in it, and then burn out because you cannot give up control, and want to do everything.

Aside from that, make sure that your WordPress administrative login page is not the default: www.yourcompanyname.com/wp-admin

Make certain that your administrator login credentials are not ‘admin’, followed by an easy-to-guess password like ‘password1234’.

How can CTARe help?

Simple: let us manage it for you. Our managed IT solution not only helps you in your IT administration, we also provide backups, and cyber security for your workstations, servers, and website.

If you do not know where to start with your cyber security posture, just have a conversation with us. Basic consultation and network assessment are free of cost; we are waiving the associated costs of US$2,625 (SGD$3,675).

Find out more about our managed IT solution here, where we provide the complete IT solution.

Looking at just website security? Look at our managed website security here.