The information about WordPress is incorrect. The hack occurred in a custom-designed CMS, not WordPress.
= = = = = =
Thank you to Reuel Sample (Presbytery of the Southeast) for sharing this information.
We recently discovered one of our member church websites has been hacked. While the church did not store any sensitive information on the site, it was quite evident that a non-authorized person had behind the scenes access.
This particular vulnerability is a WordPress issue. However, no matter what platform you are using, it is vital that your site is kept secure. Here are somethings that you can do:
- Go to google.com and type in your church name. If you find pharmaceutical references in your search result – or materials that would not have any business being on your site – most likely you have had a security breach.
- Check your server logs. If there is an inordinate amount of bandwidth usage – especially if you do not host any streaming media – again – you most likely have a breach.
- Make sure your website platform is always kept up to date. Whether you are using Joomla, WordPress, Drupal, or one of dozens of others -you should always have the latest version installed.
- Make sure your server is using the latest language tools.
- Keep a backup. The EPC Southeast site is backed up nightly. Depending on how often you change your site – make sure you have a copy of it somewhere.
- If your external site is hooked to your internal site (or intranet) – double check all firewalls.
If you have any questions, please contact your webmaster.
The EPC Southeast Presbytery