Recently we cleaned a clients site that was hacked or injected with all sorts of malware and spam-links. Normally this is a pretty straightforward and routine task, but in this particular case this WordPress self hosted website was
- running the latest version of WordPress
- all plugins were up to date
- theme was recent and up to date
- all spam comments were regularly cleaned
Yet this site STILL got injected with 3rd party code which added advert text links on the website.
It turns out that they had the SweetCaptcha plugin. Fortunately the security team at Sucuri did some fantastic detective work and digged deep to expose this plugin in a long detailed post which can be read here.
Fortunately none of our clients have used this plugin. We actually prefer to scale down on 3rd party plugins and as a rule of thumb, keep our sites to a maximum of 10 active plugins. Usually much less then that, although eCommerce sites using WooCommerce tend to always require some plugin or the other.
Remember, we offer a very affordable WordPress maintenance service for only $28/month
(yes it’s in US dollars as most of our clients using this are based outside of South Africa 🙂