Our site was attacked recently with vicious malware that went deep into our website. No user information was taken, that wasn't the point of this nasty thing. The point was to redirect all of our visitors automatically to their junk. That junk could be either something to buy, or something that you would need to download in order for it to do its sinister duties.
As stated, there were no user accounts affected and no passwords or sensitive data stolen. It took many hours to finally remove all of the scripts, but it's finally done, thanks in large part to the team at IONOS.
I can't stress enough how important site security is. If you can afford it, buy it. Find the best site security package for your site and buy it. IONOS currently has a scan and remove security package for just $5.99/month. You can find that here.
Backing up your WordPress website is so vital to the success of your business. Setting up automatic backups are even better. We took some time off and one of the reasons this penetrated so deeply into our site was because our previous backup process stored data for 5 days. By the time we got back to work, it had been well beyond that, so our most recent backup was compromised. It is good practice to backup daily onto a local hard drive. Here at Royalty Online Business, that was a practice of the past, however, we chose (incorrectly) to go with a paid solution that just wasn't right for us.
There are great plugins out there, paid and free, that back up your website for you automatically and daily. A good choice would be to find a plugin that allows you to download the backups off of their servers. Do some research, make sure your information (and more importantly, your customers) is safe. Again, make sure you're saving local copies of your sites data on a safe and secure drive or server.
Lastly, keep your plugins updated.
This malware took advantage of a plugin that was not updated. Most plugin owners or businesses take security very seriously. When you have 800,000 people using your plugin, that is probably a wise thing to do. While there are options to keep plugins updated automatically, it is important to note that not all updates will work with your version of WordPress. Keep that in mind when updating your plugin. If it's a security patch, maybe disable your plugin until it's compatible with your version of WordPress.
Security is everything. Keep your business safe. Keep your customers safe.