One of my responsibilities as a web designer and developer is to make sure all of the server software is constantly kept up-to-date. If it’s not, hacker-bots sneak in and take over. And that can get ugly, as it did for my server a few weeks ago.
For the first time since I started in this business in 1995, my server was partially compromised, and was used to send spam. The server was added to blacklists, and some of my clients had difficulty sending email. Not good at all for my clients. And for me — it was a nightmare. I felt horrible.
And once a hacker finds a vulnerable server, they keep hammering it.
So, my excellent admin and I fought repeated incursions over the following 3 weeks, finding nasty bits of hacker code and deleting them, tightening up various aspects of server security, finding and patching holes, and instructing clients on the things they must do to keep their websites secure — until the incursions were finally stopped.
At least for now. The battle is constant — so I sometimes joke that WordPress plugins have to be updated every 15 minutes.
Today, I got an automatic heads-up that a WordPress plugin needed to be updated: Wordfence, a great security utility. So, I opened up my security update checklist and started in, updating Wordfence itself from version 6.0.3 to 6.0.4.
Fifteen minutes later, as I updated the last of 17 websites, I noticed that the new plugin version that was available had changed to 6.0.5.
That meant that in the time since I got the notice about 6.0.4, 6.0.5 had come out… and I had to start over and update all of the sites again.
It’s possible that the first notice I got was delivered as long as 24 hours after the update came out, but still, it was funny that I literally had to update again 15 minutes later.
Maybe I should stop making that 15-minute joke and “putting it out into the universe.”
In the meantime, we fight on, doing our best to keep clients’ websites and mail service running smoothly!