The Internet Is Dark and Full of Terrors

I remember it like it was yesterday. I arrived at the office early—it was the first day of summer and there were no school busses on the road. Traffic was flowing like grain through a goose. I had gone to bed early the night before, coming off of a 48-hour Game of Thrones bender. With a piping hot cup of Joe and a focus sharper than the most ancient and noble Valyrian steel, I embarked upon a quest of routine functionality tests.  We were managing a new client’s WordPress installation, which was then hosted on one of those cheapo shared platforms severely lacking in support, security and overall performance. I decided to check this site first since there wasn’t much content and it wasn’t very complex. Should have been a simple task, a real can of corn. Instead of being greeted by the homepage to which I was accustomed, I was stunned to find a strange message about a political agenda I had never heard of—complete with flags, garish colors, offensive imagery and language. I immediately attempted to log in using the admin credentials, only to find the password had been changed! I hadn’t even taken my first sip and had already been bested by a demented squad of hackers….fantastic!

Turns out there was a beta version of the site hidden six sub-directories deep running several outdated plugins and an outdated theme. Hackers exploited this vulnerability and hijacked the website for their own nefarious purposes. The Battle of Ones and Zeros, as I like to call it, lasted about two hours all told. Everything was resolved. A backup was deployed sans the corrupted beta. Once again, all was well with the world.

In April 2015, the Federal Bureau of Investigation released a Public Service Announcement to all WordPress users. It detailed how hackers, sympathetic to terrorist organizations, are using well-known technical vulnerabilities to exploit and gain access to WordPress-powered websites. If you have a website powered by WordPress, the FBI recommends the following actions be taken:

I’m sure it was merely a clerical error, but the Feds neglected to mention the following bullet point on their checklist:

  • Contact The Bosworth Group in Charleston, South Carolina to discuss the development of your new, secure, enhanced website.

- John Prim

HOW MAY WE HELP YOU?

CAPTCHA

To test if you are human.

Image CAPTCHA
By submitting this form, you accept the Mollom privacy policy.

Fill out the form, please, and we'll contact you with answers.

CAPTCHA

To test if you are human.

Image CAPTCHA