It seems like almost every other day I’m reminded why our tagline “web developers that don’t suck” came about in the first place.
Recently we took over a business’ website that had been hacked. Their business relied extremely heavily on AdWords (90%), and because of the malware, Google had suspended their ads. Overnight they went from phones ringing to not at all.
We didn’t have a clean backup, so it was a manual malware removal process. This freaking sucks, especially when we are talking around 400 hacked files.
As part of the process we had a look around to see how the site could have been hacked.
One of the most common reasons sites get hacked is because of plugins or WordPress itself being out of date. Many updates are created to patch security holes. This is why it is incredibly important to keep your sites up to date.
On first glance it looked like there were no updates available. Good sign right? Looking closer, the WordPress version was waaaaay old. But why wasn’t it saying there were updates?
Turns out someone had added a plugin called “Disable all updates”…
The name says it all really.
Why anyone would want to do this is beyond me.
I remember talking to a fairly highly regarded local web developer once who said something like this
We found this awesome plugin which hides all the updates from the client so they don’t worry about updates!
This was said like it was a great addition to their business.
I’m so sick of this kind of thing. It is 100% NOT ok for people who call themselves developers to operate like this.
It is 100% NOT ok for people who call themselves developers to operate like this.
This client went from a thriving business to going almost out of business overnight. All because of a dodgy web developer practice.
(Relying on a single channel of traffic also isn’t great, but not the topic of this post)
And that ladies and gentlemen brings me to the end of this rant.