At EBN, we put a lot of effort into keeping your blogs secure and stable. Unfortunately, with WordPress, this is not always an easy task. By some estimates, WordPress sites account for 37% of all websites on the internet and because of this, it’s very compelling for hackers to write malware for it.
And there’s A LOT of malware. Some blogs might receive 90% of traffic from crawlers that are rarely doing anything good – some might be SEO crawlers but more often than not, they’re scraping for vulnerabilities, or trying to brute-force login.
In the past few years, they’ve also become very creative. We’ve seen malware in .zip archives, .pdf files, even images, and of course, in themes and plugins. And from what we are seeing, the attacks are not slowing down.
We had to do cleanup after some large malware attacks in the past (like InfiniteWP) and they all came from outdated and vulnerable premium plugins which cannot be automatically updated.
What we’re doing at EBN to keep your blogs secure
We have several tools and processes in place to prevent and treat those sorts of abuses. One of the things we found the most effective is scanning every file uploaded to a server. The problem was that hackers can bypass WordPress upload validation, so we needed to build our own upload scanning service.
The next step is to restrict the things plugins and themes can do. Unfortunately, this is a double-edged sword. On the one hand, it has the highest chance to prevent any malware from running, but it also often blocks themes and plugins because they sometimes use the same mechanics as malware.
The last major thing we constantly do is scanning blogs for malware. To be successful with the scanning, we need to have our malware database up to date. We’ve even created our own malware database, which increases the range of malware we detect.
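The upload scanning described above can be pictured as a content-based check that does not trust the file name; this is an added Python example, not EBN's service code. It assumes the file is a media upload (so PHP inside an archive is reported), and the names `scan_upload`, `MAGIC`, `EXEC_EXT` and the size and nesting limits are hypothetical.

```python
import io
import zipfile

# Leading bytes of the upload types named in the post (images, PDF, ZIP).
MAGIC = {"png": b"\x89PNG\r\n\x1a\n", "jpg": b"\xff\xd8\xff", "jpeg": b"\xff\xd8\xff",
         "gif": b"GIF8", "pdf": b"%PDF-", "zip": b"PK\x03\x04"}
EXEC_EXT = {"php", "phtml", "phar"}   # extensions a PHP host may execute (assumed list)
MAX_ENTRY = 10 * 1024 * 1024          # archive members above 10 MiB are flagged, not read
MAX_DEPTH = 2                         # limit on archives nested inside archives


def scan_upload(name, data, depth=0):
    """Return findings for one uploaded file; an empty list means nothing was flagged."""
    findings = []
    parts = name.lower().rsplit("/", 1)[-1].split(".")[1:]
    # Any executable extension in the name: catches x.php and x.php.png alike.
    if EXEC_EXT.intersection(parts):
        findings.append("executable-extension")
    # Content must start with the magic bytes its final extension claims.
    magic = MAGIC.get(parts[-1]) if parts else None
    if magic and not data.startswith(magic):
        findings.append("content-mismatch")
    if data.startswith(MAGIC["zip"]):
        findings.extend(_scan_zip(data, depth))
    elif b"<?php" in data.lower():
        findings.append("embedded-php")
    return findings


def _scan_zip(data, depth):
    """Scan each member of a ZIP archive with the same rules as a plain upload."""
    if depth >= MAX_DEPTH:
        return ["archive-nesting-too-deep"]
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                if info.file_size > MAX_ENTRY:
                    findings.append(f"{info.filename}: oversized-member")
                    continue
                for f in scan_upload(info.filename, zf.read(info), depth + 1):
                    findings.append(f"{info.filename}: {f}")
    except (zipfile.BadZipFile, RuntimeError):  # damaged or encrypted archive
        findings.append("unreadable-archive")
    return findings
```

A real scanner would add signature matching from a malware database on top of these structural checks.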
What you can do to keep your blogs safe
Be more selective with plugins and themes. If you can, avoid premium plugins if they don’t have automatic updates. Try to use as few plugins as possible. This will lower the potential number of vulnerabilities, make your blogs easier to maintain, and often, make them faster. Do regular audits of your themes and plugins and make sure you’re not using a deprecated one. Automatic updates do not help if there is no version that fixes the vulnerability.
We hope these directions help you secure your blogs. And know that at all times, we’re doing our part to keep them safe from hackers. If you have any questions, don’t hesitate to contact us.