Vulnerabilities email from A2

You have A2, a good hosting company, one that actively tries to keep malware off of it’s servers, and you got a warning email stating "vulnerabilities detected" on your site. That email is a “heads up,” similar in some ways to the warning lights you get in your car.

You’re wondering: 1. Are these “vulnerabilities” something to worry about? 2. Is there anything I can do?

The answers are 1. maybe, and 2. yes.

Background

Your website is run by software, right? And bad guys target software all the time. The good guys make improvements, and the bad guys find new ways, and the good guys make improvements, and then the bad guys… you get the idea. That’s why you’re getting this message now: things were fine before, but something new has come up.

Cause

What triggered this alert? It could be something that has been fine for years but now some bad guys might have figured something out, or something that was recently fixed, but that fix hasn’t been applied to your site yet. For example:

  • An issue with a plugin
  • An issue with the theme
  • An issue with WordPress itself

It might also be a “false positive,” something that looks like a vulnerability, but really isn’t.

Actions

The single most important thing you can do is to apply the changes good guys have made, by updating your site(s) regularly.

I suggest you log in at least once a week, and run whatever updates are needed. Here's a safe process to follow:

  • Start with plugins, do one at a time
  • Then do themes
  • Lastly, do WordPress itself

HOWEVER - be sure you have a complete backup done before you run updates.

Backups - simple, easy, cheap

WordPress has a better backup option than the one we used to offer. It’s called “VaultPress,” and is only $5 per month. They will backup your site once each day, and store a month of backups. If your site breaks somehow, you can put back one of those backups with one click (this is called a“restore”) .

What's the risk of not doing updates?

Screenshot of website blocked messageYou greatly increase the chance your site will get hacked.

  1. Hacked sites can be expensive to fix/recover.
  2. Google won't hesitate to blacklist your site, either.

Update service

If you would rather not have to do your own updates (you’re too busy, or it’s too hard to remember, or you don’t like messing around with the software), we offer a service. We check for updates five times a week (M-F), and apply them immediately. The cost is $35/month. Buy a year up front and get another month free (13 for the cost of 12). Interested? Get in touch now.

Comments

comments

image_pdfClick to get this article as a PDF file

Was this helpful? Please share now on: