By David Mills on December 01, 2021

Anything but Jolly - Single Hack Impacts Million+ WordPress Websites

We rely on our websites, now more than ever. Whether you are recruiting employees, nurturing donors or looking for more customers, the digital journey is a must-have, but hacking can stop all of that.

When GoDaddy announced that it had allowed 1.2 million WordPress users to be compromised, it added fuel to the already significant fire of security concerns around this much-loved open-source website software.

Some of those users have multiple websites on their accounts, and all of them (yes, all of them) should either move their websites or rebuild them from fresh code. That's not a Christmas gift. It's coal and underwear.

This was a security failure at the hosting level. GoDaddy failed to secure access to the customer email and account numbers for 1.2 million users in its WordPress Managed Hosting services.

This failure exposes every one of those customers to phishing and other security breaches, with 28,000 websites specifically identified as being compromised.

WordPress security issues are most profound at the individual website level because of the mixture of open source code and loads of plugins developed by almost anyone. 

Addressing a hack is a big burden, but the focus of organizational leaders shouldn't have to be on worrying about security. In a recent study, nearly 20% of the plugins available for WordPress were vulnerable because they simply hadn't been brought up to the current code security standards.

We can blame all the hobbyists and garage code builders for not having the time to keep these plugins up-to-date in the race to tamp down security breaches in WordPress. 

But if you are a leader who is banking on this mixed bag of professional-hobbyist-suspect plugin developers, you have to think twice.

Why should you put your organization at risk because the amateur code jockey who built a critical plugin hasn't gotten back to their kitchen table to work on the latest code?

There is a better way that doesn't require using digital baling wire on a legacy codebase to run the digital lifeline and front door to your business.

It's called SaaS: software as a service. This is where you let an enterprise-level team of software engineers and security experts deal with the need for code and security, and you focus on (yes) winning more customers, donors, or employees.
