I Was Shocked by This
I just got a notice that someone’s blog that I loved was over. This was not a WA blog. Apparently everything was hacked. They deleted all of her files and added redirect scripts. She tracked it back to a plugin she had installed. This is the tech info she wrote:
.... issue was caused by a plugin used to display "related posts" after each post. The "Yuzo Related Posts" plugin was "closed" by Wordpress on April 30th, see the article here. Unfortunately, Wordpress irresponsibly announced the closure publicly, before the developer was able to fix it, or even inform all of the 60,000 users who had it installed on their blog! A very bad move on the part of the Wordpress "security researcher" -- this was an open invitation for hackers to begin their exploiting, before site-owners were even aware of the vulnerability. The developer finally released a notice to remove the plugin, FIVE days AFTER thousands of us had already been hacked. Of course, you'd have to be subscribed to those particular lists, to even be notified. .....
She blamed WordPress and said she would never use them again. It seems to me that other blog builder stes like Wix or Webbly would be just as vulnerable though. Also I fell I have added protection since my blog is within the WA program. Regardless, I’ll be more cautious about plugins in the future. Since I often don’t understand tech things, I sometimes add a plugin thinking I will figure out later.
It was sad because she had spent 3 years documenting her travels around the U.S. in her trailer. I imagine she has started getting some income from it as well.
Just thought I would share this with all you wealthy affiliates. Maybe we should start thinking of unknown plugins in the same way we do unknown emails. Just don’t click on them unless you know who it is.
What do do think?
Do you trust plugins?
Do you consider WordPress to be reliable?
Do you feel like WA has a safety net around it to protect your blog from hackers?
Thanks
john Fish
Recent Comments
8
I am not convinced WA is doing all they can to protect our websites. I say this because one of my WA-hosted sites was hacked and infected with malware. Tech support was not very forthcoming with info other than to say it may have been a plugin.
My other knock on tech support is that it is not transparent as who actually performs tech support on our behalf. It is either "them" or "tech support" and never an individual by name. Someone who we could acknowledge for outstanding support.
This is very scary I believe that WA has a very high security on its servers. But the truth is that we don't own or have any control of the software we use and there always be problems
Its worth therefore having your website backed up
Barry
Wow! This is scary! I think we are well covered by WA. I back up my site often too though, did your friend not have a back up or would that have helped her?
I recently read here that we must always do a back up before installing new plugins, changing themes or doing updates. Guess we just have to do everything we can to protect ourselves.
Thank you for bringing this to our attention, John.
Blessings
Louise
Thanks for reminding me to backup. She said backups were infected also. She had a backup on her computer, but would have had to rebuild everything on a new site.
I always feel like WA has an added level of security. But I still think I need to be cautious with plugins. WA and WordPress can’t keep track of every new update on ever new blog.
See more comments
Thanks for sharing... I didn’t think we had to do backups as I thought it was covered by WA. Hmm wonder if Kyle, Carson or Jay will see your post and stop by and comment?
Hi Liz
We definitely do need to do backups, it's covered in the training too. Hope you've started backups from today :-)
Blessings
Louise
I never thought it necessary and it sounded hard. But it’s actually the easiest thing in the world to back up the site. Just go to tools, then export and download the file. I put it on my google drive. It was in the training.