Ransomware threats ramp up for WordPress eCommerce users

Ransomware threats ramp up for WordPress eCommerce users 1

Although you might not notice it, by the time you’re done browsing the Internet today, it’s entirely likely you’ve gone to 5, 10, even 50 websites powered by WordPress. Formerly the leading name in individual blogging, WordPress has transformed into a massive force of eCommerce in the last decades. Some of the biggest names in the public setting have their sites powered by WordPress and they run as smoothly as if they were on their own server. 

The problem with all that popularity is that it ramps up criminal interest as well. The more people in one place, the more criminals think it would make a nice target.

The majority of WordPress sites are owned by small and medium businesses (SMBs), which can also mean more lax security as those types of companies have to consider every angle of their budget to make ends meet. 

The proof of that theory is in the numbers. A recent report showed that nearly 43 percent of hacked websites are for SMBs, a number that is more than double what it was five years ago.

Apathy is a big problem for SMBs. Those running tiny niche businesses out of rented office space or sometimes even their own homes have the tendency to think “Why would anyone hack us? Nobody even knows us!” That’s the fallacy that cybercriminals are intent on hearing. 

They will buy or research lists of newly bought domains in order to keep track of future targets.

SMBs usually have websites built in-house or by a lower-level third party. That means more of a likelihood for holes in the security, patches not fixed, updates not installed.

How is WordPress Threatened?

Ransomware threats ramp up for WordPress eCommerce users 2

A new form of ransomware called EV ransomware looks for vulnerabilities in WP websites and can upload its virus if it finds a compromised site. There it can lock out your administrators as well as lock all existing files. A crudely drawn lock will appear on your login screen to let you know you’ve been hacked. Other things to look out for with WordPress are phishing websites, adware, and credit card skimmers, that will go after your customers when they try to buy merchandise or services from your site. Cryptojackers - malware that uses your device or site’s CPU to help it mine cryptocurrency.

FIght back to Secure WordPress

Prevention is the best key for keeping safe, but make sure you report any and all suspicious behavior to a WordPress representative. Beyond that, here are several more tips to live by:

  1. Don’t download thing s that don't say WordPress. Just do the math, would WordPress want you using another system to help with WordPress? Of course not. Anything else should be considered as cam.
  2. Use only official platforms: WordPress is open source, meaning anyone can build on it and release later versions. But some builders are hustlers, scammers, and criminals trying to make a quick buck. Don’t help them, ignore customized free builds in favor of official releases.
  3. Backup your site weekly. If the worst happens and you get locked out, you can restore to an earlier point and not miss a beat.
  4. Get great antivirus software like Bitdefender for your machine. When it’s in place and turned on, these software components will catch or at least suspect 95% of the things that can harm your machine.
  5. Always update your software. Hackers know all about new security patches. When they expire, they’ll suspect you aren’t updating them, and if you are right, they can make it hurt.