WordPress is known for being one of the most popular and user-friendly website platforms available online, but this means it can also be more vulnerable to attacks than other content managed systems.

In the past few days, attacks on WordPress websites have spiked because of a vulnerability in software versions 4.7.0 and 4.7.1. The vulnerability, which is in the platform’s REST API, enables unauthenticated hackers to modify the content of any post or page within a WordPress site.

The weakness was fixed in WordPress 4.7.2, released on 26 January, but according to IDG New Service the WordPress team did not publicly disclose the flaw until a week later so that a large number of users could have enough time to update their software.

But because many webmasters did not apply the patch, a wave of attacks soon followed. It is now estimated that over 1.5 million website pages have been defaced from as many as 20 different hacking groups.

When it comes to website security, it pays to be proactive rather than reactive. Do not assume your website is secure because you have not been hacked in the past.

As website designers and administrators we take our own internet security as well as that of our valued clients very seriously. This is what led us to design a security package to minimise the risks of an attack on your website.

The package is called Citadel and aims to keep your website secure by keeping it updated with the latest minor version and extension updates and by installing a security component in the backend.

Encrypting your domain to use Secure Sockets Layer (SSL) is also highly advised. SSL creates an encrypted connection between the web server and your visitor’s web browser so that confidential information can be transferred.

Your secure site is accessed via https:// rather than http://, and indicated by a padlock icon in web browsers.

• Click here for more information on our Citadel Security Package
• Do you have a security-related enquiry? Contact us today