Last night I noticed that WooThemes had gone offline. At the time I didn’t think much of it as every site ends up going down once in a blue moon. But then this morning I noticed it was still down and showing a cpanel holding page I knew something strange was up.
Turns out, WooThemes was targeted by a very severe and malicious hack. This attack was so disruptive that WooThemes may be offline for another couple of days while an alternative server and hosting infrastructure is put in place. This is not the first time WooThemes has been targeted. Back in December 2010, the site suffered a prolonged DDOS attack which brought the site to it’s knees for over 24 hours but this attack appears to be even worse.
I feel terrible for the WooThemes folks for the moment as this has clearly turned their business upside down not to mention the nightmare that trying to maintain customer service must be right now. That said, true to form, it would appear that the Woo team are pulling all the stops out to keep the show on the road while the main site is offline – follow ongoing service status updates here.
From a recent update:
If you need access to your downloadable products, please ping usÂ firstname.lastname@example.orgÂ & weâ€™ll get you access to the files from our alternative storage in the meantime.
One must question what the motives behind severe attacks such as this. Normally the nature of many website hacks is simply to demonstrate the hackers skillz to their peers which while extremely annoying can be rapidly fixed. Was there a WordPress vulnerability involved in the attack? If so, this will no doubt cause ripples of concern across the WordPress community. I’m sure it’s the last thing on Adii’s mind right now but I think once normal service is resumed that some disclosure of the nature of the attack would be important to reassure customers and the WordPress community at large. I know at one point Woothemes.com was hosted on vps.net who I moved all my business away from about 12 months ago due to fears I had about their infrastructure after I had several data loss scares.
Planning a disaster such as this is extremely complex – especially for a business like WooThemes was completely relies on the web to run it’s business. I think many other WordPress based businesses could learn some lessons from this attack and take a long hard look at their Disaster Recovery plans should the worst happen.
For now, I wish Adii & Co. the best of luck getting everything back online as soon as possible and hope that there is no long term damage from this incident.