A couple of months ago one of the sites I run was hacked via a nasty hole in a plugin that it was using. It took quite a bit of work to find the source of the issue and resolve it once and for all.
Once the hole had been plugged properly the traffic levels returned to normal.
But it’s only when you have a reasonable amount of data that you can really see how much impact this kind of issue actually can have on a site’s traffic.
Here’s what a longer period looks like:
Unfortunately other sites that I run have had issues over the last few months. Some were defaced, others had nasty junk inserted – the list goes on and on.
The key lesson to be learnt from all this is to keep a close eye on your Google Analytics (or whatever you are using)
If you see a dip in traffic overnight it might be caused by Google changing their search algorithms, but it could just as easily be due to something hijacking your traffic or inserting some junk into your site’s code.
If you’re using WordPress make sure to remove any themes or plugins that you aren’t using. If they’re not installed they can’t be compromised.
Keep an eye on Google Webmaster Tools and make sure all your sites are registered there (I discovered that one of mine wasn’t which made removing it from their “bad” list that bit harder)
Keep your WordPress (and other CMS) software installs up to date. Make sure that the themes you are using are up to date as well – a lot of them won’t “tell you” when an update has been released, so you’ll need to check manually.
Ciao Michele, would you feel like publishing the name of that plugin?
Everytime I install a new, free WP plugin I always get very worried in terms of possible malware/nasty holes.
Website security is probably going to be the biggest issue of the next few years… and that’s quite scary for web designers!
Rodolfo
What plugin?
Michele
You said “A couple of months ago one of the sites I run was hacked via a nasty hole in a plugin that it was using”?
Yes, but it had nothing to do with WordPress
Ok, cool, one less thing to worry about 🙂
Rodolfo
For WordPress there are a couple of big things to be aware of
The single biggest headache I’ve seen in the last 18 months or so was caused by TimThumb. There’s a couple of plugins out there that will scan your entire WP install for any instances of it and warn you if they need to be upgraded, which is very very useful.
The other things to be careful with are themes / plugins that you aren’t using. While the plugins might get updated automatically a lot of the 3rd party themes won’t and you won’t know if there’s a security hole with them 🙁