WordPress Websites Targeted by Ransomware – 3 Steps to Cyber-Survival
This year we have seen an escalation in cyber-security threats to business. The risks are significant; Cadbury’s Tasmanian factory suspended manufacturing when ransomware locked their systems. How does a factory make anything when it doesn’t know what orders it has, or inventory and cannot ship product? These are the practical implications arising from a security breach. Cadbury subsequently posted a $140Mio hit on revenues as a consequence.
Directors of companies are expected to reasonable steps to protect the business from known risks like this.
More recently Ransomware targeting websites, WordPress in particular, are also becoming more prevalent.
If your website has online forms that captures contact information, the consequences of that information being unintentionally released can be significant, especially now that Australia has passed laws that make disclosure of data breaches mandatory.
In case you missed out, you can view our article; What is Ransomware and how can you protect against it?
Mitigating these risks can be achieved quite inexpensively.
What Steps Can We Take to Protect Our WordPress Site?
The good news is that for customers using WordPress have a number of options available when protecting against this threat:
1. Keep Your Content Management System & Plugins Up-To-Date:
New attacks are developed every day and WordPress must continually develop and issue security patches. Making sure you have implemented the latest WordPress security patches helps, no different to keeping your PC or Mac’s Operating System up to date. You also need to consider your WordPress themes and plugins; these must be kept up to date by their respective developers AND your developer must implement the updates that get released.
(This goes for all websites run on content management systems, including Joomla and Magento)
If these updates break your website because the upgrade is incompatible with your theme or plugins, it’s time to upgrade them or dump the offending themes or plugins if they haven’t also released an upgrade.
(It is best practice to obtain a backup of your website before performing any update, see our website backup options here.)
2. Use a Web Application Firewall:
OzHosting has provided countless customers with WordFence to protect their website. WordFence identifies attacks and prevents them. It also continually updates its protection mechanisms with information about new attacks ensuring it can defend against these. WordFence costs $80/year inc GST and this includes installation by Ozhosting techs.
Customers can purchase this premium plugin through our online store.
View the plans and pricing available here.
We also have several other Web Application Firewall options available. Ask out team about finding the right one for you.
3. Ensure You Have a Recent Backup in Place:
As ransomware threats are constantly evolving and taking on new forms and attributes making it difficult for anti-virus and cyber-security plugins to protect against these threats, we believe that the best defence against ransomware is ensuring you always have a recent backup.
When it comes to websites, ensuring a recent backup is available isn’t always easy and is often overlooked.
This is why we recommend the use of our DropMySite Website Backup Tool. This feature allows for daily backups of your website and database to be created automatically and even holds the last 30 days’ worth of data to ensure you can restore the best version of your site quickly and easily.
It is important to note: You should never submit and pay an attackers ransom as there is no guarantee that your files or system will be restored to you and as some unlucky customers have found, the authorities are virtually powerless to track these attacks and assist.