Supply chain attacks

What are supply chain attacks and how can you guard against them?

A supply chain attack is an attempt to break into your website not through a backdoor or an exploit in a piece of code, but by exploiting a trusted relationship between software sellers or authors and their customers. In WordPress, this usually means via a trusted plugin.

A common approach is to purchase a popular plugin and then insert malware into it. This may go undetected for quite some time before the plugin is removed from the WordPress repository.

Site management is the key

Most WordPress sites are managed relatively casually. Whilst making a change to a website at a larger company might include code review, testing and a formal change control process, that’s probably not happening on most smaller websites, and many of those smaller websites are WordPress-driven. In addition, many site owners don’t monitor their WordPress sites closely, which means malware can often remain in place for many months without being discovered.

The Staypress security add-on is a simple, cheap and effective way to bring better site management to your WordPress site. Our package includes regular updates to core and plugins, regular deep file system scans to detect hidden malware, and 24/7 change monitoring to detect any attempts to create malicious code within your site.