A Hard Lesson in Website Maintenance
For those of you who are short on time, here’s the summary:
1) Our website was hacked
2) It did not impact our products in anyway (our products and our website are hosted by two different companies)
3) No personal or customer information was compromised
4) If you have a WordPress website, then read this article.
For those of you who have a bit of time (lunch hour, particularly slow day at the reference desk, day off, etc…)
Last week we noticed something odd – people searching for “Evanced Solutions” on Google were finding that we did not make library software. No, in fact, we were the number one Canadian provider of a variety of medications.
When customers clicked on the links to our website, they still came to our normal site. We were worried and began researching, but figured we’d quickly fix it within a day.
Unfortunately, our website content also began to transform, with links on our site suddenly leading to websites that were not our own.
Now we were really upset.
What we learned was that we had fallen victim to something called the WordPress Pharma Hack. The hack takes advantage of a security loophole in WordPress, then inserts malicious code in to the site. It’s an especially crafty hack as it attacks your webpages that receive the highest amount of traffic.
There are many variations of the hack but we found a great deal of help on the website Pearsonified. Because of the variations, we weren’t able to follow his directions to the letter, but we were able to get the jump start we needed (Thank you!)
You might be thinking “Well, if your website went down to hackers, what’s protecting your software?” Really good question. We take great care in the security of our software. But when it came to our website, we used a contractor and our contractor didn’t operate with the care and discretion we expect of ourselves. We want to assure you that our software is secure and that we are taking measures to ensure that our company website is secure from now on.
No customer or personal information was comprised by the hack.
We apologize for the inconvenience this caused our customers and potential customers. We’ve learned some valuable lessons and we hope this helps those of you using WordPress for your websites.
If you have any other questions, please contact us at support@evancedsolutions.com or by calling 888-519-5770.