
Security Patches and Updates are common
Recently there was a major security issue with the Bricks Builder WordPress Theme. This is the theme that I recommend and use on most websites for a number of reasons.
Here is the thing: security issues happen a lot more than people realize. But this one was a doozy.
There are different levels of security updates
Not all security updates are the same. Often you will hear about a plugin or theme that has a security vulnerability. In fact, one reason people tend to move away from WordPress as a whole is the security challenges that come up.
What people fail to realize is that WordPress is an open source platform: the core code, theme code and plugin code are all open source.
So when there is a vulnerability, the information is available to everyone including bad actors and people with negative intentions.
The open source nature of WordPress has also led to its massive growth and adoption, and is a major driver behind it powering over 40% of the websites on the internet. Lots of pros to it but that is for another post.
I will cover a few of the major causes of security vulnerabilities below:
Outdated WordPress versions or plugins
Like all software, as development continues and improvements are made, code is added, functionalities are added, new versions are released. These are good things. This means that progress is being made to provide better service to you the consumer.
Unfortunately, whenever new code is added, there is an opportunity for vulnerabilities to be introduced. Most updates exist to improve features and functionality, but in some cases they bring new issues with them. Even with testing, some security flaws can be missed.
Outdated PHP version
WordPress is written in PHP as the foundation and as functionalities are improved, the codebase needs to change to accommodate the new features and functionalities. This means that new versions of PHP are being released.
When new versions are released, old versions may not be supported or protected. We see this a lot with WordPress where websites get left and not updated to the newest most secure versions and this is when vulnerabilities show up.
A hosting environment that’s not secure
A hosting environment is a MAJOR factor in website security. Think about the server as the house and other 3rd party services as the fence. Your house is your main point of security and it needs to be strong.
Many hosting companies don’t take this seriously and they don’t provide adequate security for their customers. Often this is due to cheaper shared hosting plans, where people leave old websites with deprecated code on a server that is shared with MANY other websites.
Even if you have your website locked down with 3rd party plugins and additional security monitoring, if someone else's website is on the same server, in the same house, and they let the intruder in because they aren’t updating their software, your website is at risk. They have let the intruder in and your house is open for looting because they are already on the inside.
Weak password and login credentials
Most security breaches for a website come from having a weak password and weak login credentials. This is like the lock on the front door. They can get past the fence and walk up to the house. If they guess the code to the front door they can waltz right in.
Make sure you have a strong password and login credentials. This is step number one in protecting your website.
The Bricks Theme Vulnerability
The Bricks Theme security issue was something called “remote code execution (RCE)”. This means that someone could run code of their choosing on the server without needing a password or any credentials.
This is a major security issue that has been fixed with the recent 1.9.6.1 theme update but many people were affected by it. If you have a good hosting company, even if you were affected by it, your website can be cleaned and restored relatively quickly with no harm done.
The thing is, all the previous versions of Bricks Builder Theme had this security vulnerability in them. This has gone on for quite some time but since the vulnerability was found and the new version was released, it spread like wildfire and was exploited by bad actors very quickly.
The Bricks dev team was very quick to react and respond to the vulnerability but many people did not act fast enough and their websites were hacked and exploited.
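One way to find out which sites on a server still run a Bricks version older than the 1.9.6.1 fix, as an added example that is not code from this post or from the Bricks team. It assumes the theme lives in a directory named `bricks` and declares its version in the standard WordPress `style.css` header; the sample sites and version numbers in `demo()` are constructed.

```python
import os
import re
import tempfile

FIXED = (1, 9, 6, 1)   # patched release named in the post
THEME_SLUG = "bricks"  # assumption: theme directory under wp-content/themes


def theme_version(style_css):
    """Read the 'Version:' header from a theme's style.css."""
    with open(style_css, encoding="utf-8", errors="replace") as fh:
        head = fh.read(8192)  # WordPress only reads the first 8 KB for headers
    m = re.search(r"^[ \t/*#@]*Version:[ \t]*(\S+)", head, re.M | re.I)
    return m.group(1) if m else None


def is_patched(version):
    """Compare numerically ('1.10' > '1.9.6.1'); unknown formats count as unpatched."""
    if not version or not re.fullmatch(r"\d+(\.\d+)*", version):
        return False
    return tuple(int(p) for p in version.split(".")) >= FIXED


def scan(root):
    """Return [(site_dir, version, patched)] for each Bricks install under root."""
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        css = os.path.join(dirpath, "wp-content", "themes", THEME_SLUG, "style.css")
        if os.path.isfile(css):
            version = theme_version(css)
            findings.append((dirpath, version, is_patched(version)))
            dirnames[:] = []  # no need to descend into a site already checked
    return sorted(findings)


def demo():
    """Constructed sample tree: one outdated site and one updated site."""
    with tempfile.TemporaryDirectory() as root:
        for site, ver in (("old-site", "1.9.6"), ("new-site", "1.10")):
            theme = os.path.join(root, site, "wp-content", "themes", THEME_SLUG)
            os.makedirs(theme)
            with open(os.path.join(theme, "style.css"), "w") as fh:
                fh.write(f"/*\nTheme Name: Bricks\nVersion: {ver}\n*/\n")
        return [(os.path.basename(s), v, ok) for s, v, ok in scan(root)]


if __name__ == "__main__":
    for site, version, ok in demo():
        print(f"{site}: Bricks {version} -> {'patched' if ok else 'UPDATE NOW'}")
```

Point `scan()` at the directory that holds your sites (for example the hosting account's web root) to audit real installs; a missing or unreadable version is reported as unpatched so it gets a manual look.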
IMPORTANT: It needs to be said that these issues are not isolated to the Bricks Theme and are also not exclusive to WordPress. Although this comes up a lot with WordPress since it is open source and powers close to 40% of the websites on the internet, security is an ongoing issue regardless of which platform you are on. Just because you might use a platform like Wix, Squarespace, or something similar, does not mean you won’t be subject to security issues. It just means they happen in a more closed space where announcements are not made. They are dealt with internally and quietly.
Simple SEO Website Security
At Simple SEO, our website care plan utilizes Imunify360 which is the Gold Standard in internet security for Linux servers.
In this case Imunify360 and Rocket.net (not who we use for hosting but is a great option) were alerted to the problem. They collaborated and acted quickly to protect all sites that are using Imunify360 across the board. This included our websites so a huge thanks to both your teams!
Fortunately none of the sites that use our care plan services were affected by the security vulnerability. But even if they were, we would have been able to deal with it quickly and efficiently through our internal processes and backups.
But, this does raise the question for you.
What would happen if your website got hacked and you lost access to it? How would that impact your business?
Who is hosting your website and making sure it is secure and protected?
If you run a business, your website is a necessary investment, and you should protect it. Most people buy insurance for important things in life; your business website should be included in that.
If you are looking for a solid website care plan option that is protected by the industry Gold Standard and a team of experts standing by, let me know and we can get you set up and protected moving forward.