Dashboard Interactive personnel identified the hack and notified the developer and hosting provider of the issue. Unfortunately, the warnings were not taken seriously by the stakeholders initially and the hosting provider continued to believe that there was an issue.
Google then identified the hack and additional warnings were issued by Dashboard personnel along with a timeframe of when Google might flag the site. This would negatively impact their search engine results and search traffic, which would decrease leads and sales.
The warnings again were not taken seriously. Google did flag the website, and immediate cleaning and Google penalty remediation services were needed to resolve the situation. The work required was not inexpensive and the hack was preventable.
The Problem: Older Server Wasn’t Secured, Monitored or Updated
The problem behind the Google penalty was a circa 2008 server that had not been updated in a long time. The company did not monitor their website, and did not update plugins, themes or other parts of the WordPress site regularly. The site was a security nightmare waiting to happen.
Problems associated with the site include:
- Outdated theme
- PHP vs current WordPress platform PHP
- Security plugin not compatible with the Canvas theme was being used
- Plugins not updated in over a year
- No manual monitoring of the server system
- No human level inspection
- Server config from 2008 was adapted, then a new server update occurred and the aged windows system was not updated (not keeping up with server technology)
- Older windows server configuration
- Shared server – non-secured
- Misconfigured SSL – cheap 3rd party SSL
- The Server alerted the hackers that the websites inside were very likely easy to hack. The PHP was targeted as a breakable door. All sites on the server were most likely impacted
The Solution: Update and Safeguard the Site
Dashboard’s website cybersecurity expert immediately identified the security issues for the developer and manufacturer’s IT team. Cleaning of the site, updating plugins and the SSL certificate, changing hosting providers and resolving the issue with Google was recommended.
Lessons Learned
It’s important to note that most website developers and small and medium sized hosting providers have very limited website cybersecurity expertise and the roles that they play can lead to vulnerabilities that can be exploited by experienced hackers. Updated technology and processes and an understanding of today’s cybersecurity climate could have prevented this hack from occurring.