Here goes the story:
A friend & fellow business owner called me in light distress concerning a WordPress website she maintains for one of her clients.
The site gained a visit from malware & it went rogue, i.e. they placed inappropriate content all over the place. So much that you would think that the business no longer does yoga & massages and switched to a more lucrative side of physical relaxing - If you know what I mean 😏 -
So began my WordPress distress journey. Small disclaimer: I never worked with WordPress before.
My actual plan:
- Contact the hosting partner to place a backup from before the infection.
- It seemed like a pretty straightforward thing to do.
- Update WordPress & WordPress plugins to mitigate the risk of application attacks.
- Hackers like old software versions because upgrade notes often spill the beans on how to take control of the ship. So take this advice like I am your dentist telling you to floss → UPDATE YOUR SOFTWARE. (Who flosses anyways?)
- Migrate the website from unmanaged hosting to managed hosting.
- Unmanaged hosting is cheap because... it’s unmanaged. That also means that you - yes, you - are responsible for keeping the software on the server you rent up to date. (minus some exceptions, but keeping it short right now). So, moving things to managed hosting will cost you a couple of bucks more, but you get a good night’s sleep in return. Siteground, for example, maintains WordPress hosting & keeps the software + plugins up-to-date.