re: #230 CuriousLurker

Speaking of computers/tech/internet, after a recent round of hacking (and in addition to the usual security precautions), I installed some security plugins on all our clients’ hosted sites that are running WordPress.

I’ve tried numerous times warning people that they can’t just have a site built and then walk away, leaving it alone in the wild. WP and its plugins & themes need to be regularly patched/updated, as do it’s core files. But people don’t get it till they get hacked and their sites get shut down because they’ve been reported for malware/phishing. Guess who gets to do the search & destroy clean-up? Yeah. //

So the most recent one hadn’t been updated since January. It had 5 themes it wasn’t using and 30+ plugins that were installed, but not activated. WTF? You don’t go on vacation and secure everything up, but leave your garage door unlocked.

Anyway, I installed the security plugins, one of which notifies me of repeated failed login attempts and another which provides an audit trail of all actions (including IP addresses). I had a conference call this afternoon (with a different customer than the one above) in which I had him take a look at the audit log. He was gob smacked to discover that in the four short hours since I’d installed it, there had been no less than 25 failed attempts to log in to the admin area—from Tunisia, Russia, Jordan, Taiwan, Saudi Arabia, Argentina, Romania, etc. Those are just the ones I remember off the top of my head. It was occurring, on average, about once every 10 minutes.

Said client has undergone an epiphany and now realizes how important good (file) housekeeping, patches & updates, strong passwords, and security precautions are. I think I’m gonna make it a regular thing with all clients now.

Considered presenting it as a cost saving to them, breaking down the cost for updating and regular housekeeping, v.s. you on call doing bug/malware search and destroy, and secondary effects of them getting hacked or a bug causing damage?