Static Clung

One of the first questions we pose to web design clients is “are you going to be updating your website?”  If you’re a blogger type, and you’ll be adding posts on a regular basis, that’s great!  We can design accordingly.  But if the website is going to remain static — more of an advertisement then anything else — ok, while not preferable, we can build for that.

Yesterday, we learned firsthand of what happens when you let things remain static:  our site was hacked and we didn’t know it.  On Friday, some resourceful hacker type turned D.I.-Why into a website for the Worcester Country Firefighter’s Emerald Society.

Strange?  Yes.

Disappointing?  Very.

We had hoped that in the event our site got hacked, it might turn into some bizarre porn site, or at least something espousing the wacky political beliefs of an enraged despot.  But no, it was just a basic WordPress site for some firemen and firewomen.

Before anyone panics, our client data was completely unaffected by this.  We keep that stuff totally separate from the public website, so credit cards and addresses, and any personal data was never at risk.

We immediately called our hosting provider and asked ‘em how this could happen.  Their initial response was to assume that some part of the website was vulnerable.  They told us to update everything we could — plugins, widgets, WordPress.  Fortunately, they back up all the sites on their system, so we were able to get our own site up and running like nuthin’ happened within a half hour of identifying the hack.

The lesson from all this:  keep your websites updated!  Just because it’s done, and you have no plans to add content, doesn’t mean you can just walk away.  Stuff gets out of date, browsers get upgraded, companies tweak their widgets and plugins.  The few minutes it takes to check things out will save you a boatload of disaster down the road.  Trust us.

And if not, consider a donation to the Worcester Country Firefighter’s Emerald Society …