The information about WordPress is incorrect. The hack occurred in a custom-designed CMS, not WordPress.

= = = = = =

Thank you to Reuel Sample (Presbytery of the Southeast) for sharing this information.

Dear Pastors:

We recently discovered one of our member church websites has been hacked.  While the church did not store any sensitive information on the site, it was quite evident that a non-authorized person had behind the scenes access.

This particular vulnerability is a WordPress issue.  However, no matter what platform you are using, it is vital that your site is kept secure.  Here are somethings that you can do:

1. Go to google.com and type in your church name.  If you find pharmaceutical references in your search result – or materials that would not have any business being on your site – most likely you have had a security breach.
2. Check your server logs. If there is an inordinate amount of bandwidth usage – especially if you do not host any streaming media – again – you most likely have a breach.
3. Make sure your website platform is always kept up to date.  Whether you are using Joomla, WordPress, Drupal, or one of dozens of others -you should always have the latest version installed.
4. Make sure your server is using the latest language tools.
5. Keep a backup.  The EPC Southeast site is backed up nightly.  Depending on how often you change your site – make sure you have a copy of it somewhere.
6. If your external site is hooked to your internal site (or intranet) – double check all firewalls.

If you have any questions, please contact your webmaster.

Sincerely yours,

The EPC Southeast Presbytery