Potential Web Site Hack - Secure Your Site

UPDATE - 25 June 2013

The information about WordPress is incorrect. The hack occurred in a custom-designed CMS, not WordPress.

 = = = = = =

Thank you to Reuel Sample (Presbytery of the Southeast) for sharing this information.

 

Dear Pastors:

We recently discovered one of our member church websites has been hacked. While the church did not store any sensitive information on the site, it was quite evident that a non-authorized person had behind-the-scenes access.

This particular vulnerability is a WordPress issue. However, no matter what platform you are using, it is vital that your site is kept secure. Here are some things that you can do:

  1. Go to google.com and type in your church name. If you find pharmaceutical references in your search result - or materials that would not have any business being on your site - most likely you have had a security breach.
  2. Check your server logs. If there is an inordinate amount of bandwidth usage - especially if you do not host any streaming media - again - you most likely have a breach.
  3. Make sure your website platform is always kept up to date. Whether you are using Joomla, WordPress, Drupal, or one of dozens of others - you should always have the latest version installed.
  4. Make sure your server is using the latest language tools.
  5. Keep a backup. The EPC Southeast site is backed up nightly. Depending on how often you change your site - make sure you have a copy of it somewhere.
  6. If your external site is hooked to your internal site (or intranet) - double check all firewalls.

If you have any questions, please contact your webmaster.

Sincerely yours,

The EPC Southeast Presbytery
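
The server-log check from step 2 of the letter, as an added example that is not part of the original letter or post: a Python sketch that totals bytes served per day from a common/combined-format access log and flags days far above the median day. The log lines are constructed, and the function names and the 5x threshold are assumptions.

```python
import re
from collections import defaultdict
from statistics import median

# Constructed sample in common/combined log format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jun/2013:09:12:01 +0000] "GET /index.html HTTP/1.1" 200 5120
203.0.113.9 - - [10/Jun/2013:10:40:17 +0000] "GET /sermons.html HTTP/1.1" 200 7300
198.51.100.7 - - [11/Jun/2013:08:03:44 +0000] "GET /index.html HTTP/1.1" 200 5120
198.51.100.7 - - [11/Jun/2013:08:03:50 +0000] "GET /contact.html HTTP/1.1" 304 -
203.0.113.5 - - [12/Jun/2013:11:15:09 +0000] "GET /index.html HTTP/1.1" 200 5120
192.0.2.44 - - [13/Jun/2013:02:01:33 +0000] "GET /media/unknown-file.bin HTTP/1.1" 200 48000000
192.0.2.44 - - [13/Jun/2013:02:05:10 +0000] "GET /media/unknown-file.bin HTTP/1.1" 200 52000000
203.0.113.5 - - [13/Jun/2013:09:00:00 +0000] "GET /index.html HTTP/1.1" 200 5120
""".splitlines()

# Captures: day, request path, response size ("-" means no body was sent).
LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[(\d{2}/\w{3}/\d{4}):[^\]]+\] "\S+ (\S+)[^"]*" \d{3} (\d+|-)'
)

def bytes_per_day(lines):
    """Return ({day: bytes}, {(day, path): bytes}); malformed lines are skipped."""
    per_day, per_path = defaultdict(int), defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        day, path, size = m.groups()
        n = 0 if size == "-" else int(size)
        per_day[day] += n
        per_path[(day, path)] += n
    return dict(per_day), dict(per_path)

def flag_heavy_days(per_day, factor=5):
    """Days serving more than `factor` x the median day (threshold is an assumption)."""
    if not per_day:
        return []
    base = median(per_day.values())
    return sorted(d for d, b in per_day.items() if base > 0 and b > factor * base)

def top_paths(per_path, day, n=3):
    """Largest bandwidth consumers on one day, to show what was being served."""
    rows = [(p, b) for (d, p), b in per_path.items() if d == day]
    return sorted(rows, key=lambda r: r[1], reverse=True)[:n]

if __name__ == "__main__":
    per_day, per_path = bytes_per_day(SAMPLE_LOG)
    for day in flag_heavy_days(per_day):
        print(day, per_day[day], top_paths(per_path, day))
```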