Read the full story
Websites are critical business assets. Many organisations invest years in improving their search engine rankings in an attempt to drive more traffic to their website. It is therefore important to consider the security of web hosting platforms, such as the popular content management system (CMS), WordPress.
Activities such as web application penetration testing and secure code reviews can help protect WordPress-hosted websites from a range of risks.
In a recent case, a WordPress-hosted website’s code was manipulated, resulting in the traffic being redirected to a server hosting fake e-commerce sites. As a consequence, the website’s strong search engine ranking was undermined, resulting in missed business opportunities.
It is thought such tactics may be used to extract a ransom in exchange for restoring the website’s search ranking.
For any organisation hosting its website on WordPress, it is essential to have strong authentication controls. Any user with access to the WordPress admin should be using strong passphrases and, preferably, Multi Factor Authentication.
You can further strengthen your website’s security by conducting regular web application penetration testing and secure code reviews. Such activities should form part of a broader risk management approach and will help you prevent breaches or the insertion of malicious code.
Speak to the CyberCX team to learn how our approach to application security can help your organisation protect this critical asset.