Imagine having your website taken over by terrorists. Yep. Leaving a horrible message and infecting your innocent veggie growing blog with thousands of malicious files.
It happened to me this month, and it was my fault entirely.
We’ve experienced good growth in the last couple of years and our team has been super busy looking after all our clients’ websites. We host our clients’ WordPress sites with a premium WordPress hosting service, and we keep them up to date constantly. We have security monitoring installed, and our team makes sure that the plugins and themes are updated to the most recent version as soon as they're issued, and they double check that the update hasn’t caused conflicts or stopped the site from functioning.
Sadly, I had neglected a couple of my own older websites, and updating them was low on the priority list. We do the plugin updates regularly, but we were lax in upgrading the themes. And so I paid the price.
Terrorists take over our website
This is a screenshot of the horrible message left on my vegetable gardening blog by “terrorists”. As it’s a .com site, not a .com.au site, they assumed we are American, despite advising we are Australian on our About Page and in a few blog posts.
We had not got around to moving the site from Hostgator onto our premium hosting service, and the hackers gained entry through the theme, which hadn’t been updated to the latest version. They proceeded to upload a couple of thousand malicious files, and left this warning on the home page.
When a customer notified us that they couldn't purchase one of our books from the site, we realised the site had been hacked. Our team swung into action and removed the thousands of malicious files, updated the theme to the latest version, and moved the site to our premium hosting service.
Big lesson for us – look after your own websites as carefully as you look after your clients’ sites!
Gobbledegook home page
In addition to making it easy for hackers to enter your website, not updating everything regularly can cause functional issues.
As well as WordPress themes, the WordPress system files, the PHP code files and the plugins all need to be updated as soon as updates become available.
Some hosting companies provide an automated plugin update service, but we don’t recommend relying on automated updates. Some webmasters or site owners will periodically check for plugin updates and just click all the update buttons, without checking to see if the updates have caused conflicts.
We’ve even seen some sites still running with themes, core files and plugins that have not been updated for a couple of years. One site owner thought he'd just click all the update buttons, and unfortunately this caused the whole site to crash. He contacted us for help, but it couldn't be restored as there were no full site backups, and so we had to rebuild it from scratch.
It's just not possible to update quite old versions to the latest version, as the progressive updates in between contain code, security fixes and feature updates that are needed for the latest plugin version to work, and for it to work with the latest versions of WordPress, PHP and the theme.
The thing is, when WordPress issues an update to its files, which is done automatically, many of the plugin developers also need to update their plugins to accommodate the changes made with the WordPress update. The same applies when a new version of PHP is issued. The plugin developers need to ensure that their plugins will work with the latest version, and if not, issue an update.
Relying on automated updates, or randomly updating plugins, is a recipe for disaster, as a friend found out recently.
The image below shows the home page of my friend’s website (not one that we host or look after) after a plugin update.
Her webmaster had not checked the public view of the site after the plugin update was done and didn’t see the issues that the plugin update caused.
It did take a couple of days for the issue to be rectified, and thankfully it’s now back to normal.
Unfortunately, issues like these can have a short-term, and perhaps long-term, negative impact on a business. New visitors to the website seeing this page of gobbledegook would leave immediately and be left with a bad impression of the company. It would definitely have an impact on SEO, lead generation and sales if it was left like this for a day or two.
Website maintenance essentials checklist
A website is not a “set and forget” digital asset. Just like a bricks and mortar shopfront, office or factory, it needs to be maintained regularly. As you can see from the two examples above, cheap hosting and a lack of care can have serious consequences.
The following checklist is the minimum amount of maintenance that you or your webmaster must be doing to ensure your website stays secure and functional and provides a good visitor experience:
- WordPress Core and Plugin Updates – check twice a month, install and test for conflicts when issued
- Theme updates – check twice a month and update when issued
- Full website content and database backups – daily
- Security scanning for attempted hacking and malicious files – daily
- Performance testing to check site load speed – twice a month
- Server uptime monitoring – daily
Our WordPress website care plans include super fast hosting
The monthly website hosting and care plans provided by Commonsense Marketing give our clients total peace of mind that we are on hand, rain or shine, to upgrade the website core software, plugins, theme and PHP files when updates are issued.
Our top of the line premium WordPress hosting is far more secure than cheaper services, takes full backups daily, and notifies us instantly of potential security breaches from plugins. Our tech team members take this one step further and monitor uptime and security scanning reports daily, review site performance, provide ongoing support and send our clients monthly website performance reports.