“WordPress Security Starts With You!” This is something I tell every client during our WordPress training sessions, and I can’t overemphasize how important it is in maintaining a WordPress website. I tell our clients the following every time:
- Ensure that your home/office network uses secure passwords and that your WiFi is encrypted.
- Make sure that your operating system, all software, and browsers are up to date.
- Maintain backups of your website and always update WordPress & plugins.
- Always use strong passwords and never use one password for everything.
My instructions have been directly reinforced this week by two events within the WordPress and online world.
Earlier this week WordPress version 3.3.2 was released to address about a dozen bugs and security issues. You should be able to update any of your WordPress sites through the dashboard by now (just be sure to back up all of your files and database first).
The Mac Flashback virus is not directly related to the recent WordPress update, but it is also a security issue traced back to out-of-date WordPress installs. It was found that Apple users were being served the malware from out-of-date and infected WordPress sites.
Quoted from the article linked above: Alexander Gostev from the Kaspersky Lab Global Research and Analysis Team explains how compromised WordPress sites were used to infect Macs, “From September 2011 to February 2012, Flashfake was distributed using social engineering only: visitors to various websites were asked to download a fake Adobe Flash Player update. It meant the Trojan was being distributed as installation archives named ‘FlashPlayer-11-macos.pkg,’ ‘AdobeFlashUpdate.pkg,’ etc.”
Apple also released a Flashback removal tool through its software updater, so if you haven’t seen it yet, run a manual software update check on your Mac.
Keeping your WordPress site up to date and keeping your own hardware/software up to date is the first line of defense in keeping your WordPress site secure and keeping it from serving malware to your site visitors. Once a site is found to serve malware, search engines will sometimes blacklist it.
Bottom line: go update WordPress today and make sure your computer is clean.