Nowadays, with the increase of open-source tools like WordPress, Joomla and other Content Management Systems (CMS) individuals around the Zimbabwe are able to quickly create a virtual existence with little or no cost. In the course nonetheless, a lot is being lost in terms of what it means to own a website.
BH24 which publishes business news has been hacked and the site owners don’t know it yet. The website belonging to ZimPapers.As Misha Glenny puts it “there are two types of companies in the world: those that know they’ve been hacked, and those that don’t.”
The site, http://www.bh24.co.zw , (hacked url) was attacked by a hacker called Rookie 1453. Instead of the usual front page Defacement, the hacker just uploaded a post titled .PHP dated 03 Nov 2015.
The Website has been running on outdated software, e.g. there content management system (CMS) had not been updated. The site is running on WordPress (WordPress 3.9.8 and latest update now. 4.3.1) a free and open source blogging tool and based on PHP and Apache (Apache 2.2.22 the latest being 2.4.17 )
They are a number of way you can take to protect your WordPress website like :
Always keep up with WordPress updates, including plugins and widgets
Don’t use the “admin” username.
Use complex passwords and always add a plugin or security shield that prevents too many login attempts.
Consider changing the file structure. Attackers purposely look for website directories with “wp” in their names (i.e. “wp-admin”)
The above steps can go a long way to help safeguard your WordPress site, new attacks surface nearly every day. It is important that you stay diligent, and apply future security steps as you see fit. Human beings are still the weakest link in the security. You cannot barely blame them, though, maybe its lack of security training. Social engineering attacks over email have been sophisticated to a point that they’re, at first glance, unremarkable.