The information about WordPress is incorrect. The hack occurred in a custom-designed CMS, not WordPress.
= = = = = =
Thank you to Reuel Sample (Presbytery of the Southeast) for sharing this information.
Dear Pastors:
We recently discovered one of our member church websites has been hacked. While the church did not store any sensitive information on the site, it was quite evident that a non-authorized person had behind the scenes access.
This particular vulnerability is a WordPress issue. However, no matter what platform you are using, it is vital that your site is kept secure. Here are somethings that you can do:
- Go to google.com and type in your church name. If you find pharmaceutical references in your search result – or materials that would not have any business being on your site – most likely you have had a security breach.
- Check your server logs. If there is an inordinate amount of bandwidth usage – especially if you do not host any streaming media – again – you most likely have a breach.
- Make sure your website platform is always kept up to date. Whether you are using Joomla, WordPress, Drupal, or one of dozens of others -you should always have the latest version installed.
- Make sure your server is using the latest language tools.
- Keep a backup. The EPC Southeast site is backed up nightly. Depending on how often you change your site – make sure you have a copy of it somewhere.
- If your external site is hooked to your internal site (or intranet) – double check all firewalls.
If you have any questions, please contact your webmaster.
Sincerely yours,
The EPC Southeast Presbytery