GDPR and hacked WordPress websites
With the General Data Protection Regulation (GDPR) looming, you will no doubt be bombarded with emails from companies asking you to accept their new policies.
This applies to all websites or any business that handles data, so basically every business.
We have already covered some key areas of the GDPR but one area we think is significant (and was just as important before the GDPR) is data breaches.
The GDPR introduces a duty on all organisations to report certain types of personal data breach to the relevant supervisory authority. You must do this within 72 hours of becoming aware of the breach, where feasible.
If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, you must also inform those individuals without undue delay.
You should ensure you have robust breach detection, investigation and internal reporting procedures in place. This will facilitate decision-making about whether or not you need to notify the relevant supervisory authority and the affected individuals.
You must also keep a record of any personal data breaches, regardless of whether you are required to notify.
With WordPress powering over 25% of the websites on the internet, it is a massive target for hackers. Sucuri.net publishes a report each year about hacked websites with many interesting findings, including that WordPress represents 83% of all the infected websites they have to deal with.
One of the reasons why WordPress is so popular is the extensive customisation options available via themes and plugins. Unfortunately, this is also one of the main reasons why it is so vulnerable. The theme and plugin market is unregulated, and a lot of themes and plugins are developed by small developers with little concern for security. Users then rarely update the plugins or themes, and you end up with a website that is highly likely to be compromised.
It is also quite common for users or developers to use pirated copies of premium plugins and themes, or not to renew a licence. If a plugin has already been hacked to make it free, it is quite likely that whoever modified it has added other code to allow them to hack your site too.
In the event of a WordPress website being hacked, fixing it is a time-consuming and costly exercise. When a site is hacked, the attackers don't just modify one file; they upload multiple files to help ensure the website stays infected. In 2017 Sucuri cleaned 168 files per website, compared to 92 in 2016.
With the GDPR, it has become more critical than ever to make sure your website is up to date and using secure modifications. At Dolphin Promotions we can handle all of these updates as part of the hosting package. We only use well-reviewed themes or plugins, and we use the bare minimum to achieve the functionality we need. All this allows us to keep our sites secure and running as quickly as possible, which will have SEO benefits.
If you are concerned about your website and the GDPR, feel free to get in touch and we can discuss your hosting options.