Imagine this situation. As a web hosting service provider, one day one of your web servers is hacked, causing hundreds or even thousands of your customers’ WordPress sites to be inaccessible and show error screens. Angry phone calls and emails follow soon. Can you afford to tell your customers their sites have no backups (or only long-outdated backups), all the lost posts, images and comments are gone for good, and the only resolution is to rebuild the sites? A business isn’t a business without a website these days. Once your customers’ years of hard work, blood, sweat and tears turn to dust, you can count yourself lucky if any of them still stay with you.
Even if it’s not about hacking, many different things can cause a site to crash or become vulnerable. That’s why a web hosting service provider should always back up customers’ WordPress sites. If you’re not convinced yet, here are the top 5 reasons that get you to act.
1. Brute Force Login Attempts
A brute force attack on WordPress is when someone attempts to gain access to your customer’s site by trying an enormous number of different username and password combinations. As WordPress has unlimited login attempts by default, hackers can exploit the WordPress login page and use this trial and error method over and over until a successful username and password combination is discovered. Even if it is unsuccessful, brute force attacks can still wreak havoc on the web hosting server because enormous login attempts may overload the system.
2. Using Outdated WordPress or Plugins and Themes from Suspect Sources
Your customers may expose their sites to risks and attacks unwittingly. By default anyone can find out what version of WordPress your customer’s site is running. Some themes may even show the version number on every page of the site. The reason this could be a security risk is that, if your customer is running an older version of WordPress, hackers will be able to target specific security vulnerabilities that have since been patched by more recent updates.
Another common way attackers can exploit is poorly-written and insecure plugins and themes from untrustworthy sources. According to a report by wpscan.org, of the 4,000 known WordPress security vulnerabilities more than half are from WordPress plugins. Files of torrented “free” versions of premium plugins and themes may have been modified to contain malware.
3. File Inclusion Exploits
PHP, the code that runs a WordPress website along with plugins and themes, is another security issue that can be exploited by attackers. File inclusion exploits usually happen when vulnerable code is used to load remote files that allow attackers to gain access to your customer’s website. There could be serious consequence once an unscrupulous attacker has access to the “wp-config.php” file, one of the most important files in your customer’s WordPress installation.
4. SQL Injections
Your customer’s WordPress website uses a MySQL database to operate. The database contains all the posts, comments, and links on the website. Attackers can gain access to the WordPress database and to all of your customer’s website data using SQL injections. According to Wordfense, SQL injections are the second most common vulnerabilities found in WordPress in 2016. With the injection, the attacker may be able to create a new admin-level user account, which can then be used to login and get full access to your customer’s WordPress website. SQL injections can also be used to insert new data into the database, including links to malicious or spam websites
Malware (i.e. malicious software) is commonly utilized by cybercriminals to gain unauthorized access to a website to gather sensitive data. The popularity of WordPress as a blogging platform and CMS makes WordPress a target for malware. A hacked WordPress site usually means malware has been injected into the website’s files. Take a look at the website’s recently changed files and one may be able to detect if any malware exists on the website. There are thousands of malware types on the web, but WordPress is not vulnerable to all of them. Some of the most common WordPress malware infections are Backdoors, Drive-by downloads, Pharma hacks, and Malicious redirects.
Without a backup, your customers’ WordPress websites could be lost forever because of the above security issues. You need a reliable backup solution in place to protect their WordPress websites from unexpected disasters. Click here to find out how Ahsay can help.