If you haven’t already, please read Part 1 of this series.

Exactly 2 weeks after my Part 1 post, another client, who opted out of the Maintenance Plan upon site launch, had their site hacked for the 2nd time.

The first time, I cleaned the site and highly suggested my Maintenance Plan.  He assured me he would keep his site up to date. Yesterday I received a text message from the client stating his site had been hacked. I logged in to his site and saw this notice at the top of the site…

WordPress Updates

I went to the Updates page and noticed this client still had the security plugins I had installed however both were outdated:

WordPress Updates

This shows the importance of keeping your WordPress install, themes, and plugins all up to date. You can have security plugins installed, but without keeping them up to date, they can be useless against a hack.

I went to his server space and saw some compromised and out of place htaccess files:

WordPress Updates

I also saw this file which does not belong in a WordPress install (or any site for that matter):

WordPress Updates

I don’t know about you, but “_input_1_croatia.php” doesn’t sound very good. I cleaned the site, updated the plugins, and again suggested the Maintenance Plan to him…we’ll see what he says.

If he joins the Maintenance Plan, he’ll be in good company as none of the sites on the Maintenance Plan have been hacked.

Again, the bottom line is have your site secured.  Check out our Monthly Maintenance Plans for WordPress sites.