Blackhole Exploit Kit, Blackhole Exploit Kit Detection, Phoenix Exploit Kit, Rogue Scanner and JS Redir attacks were at one time the most prevalent of all website threats globally. These can destroy your website’s online reputation and drive your visitors elsewhere. Malware may be installed onto visitors’ computers directly from your website, without you being aware of it.
WordPress Site Hacking
How To Tell if Your Site Has Been Compromised
For some people, the first indication might be a complaint by a site visitor that their PC’s internet security application sounded an alarm. Some search engines – like Yandex – now email the website owner if their web bots discover malware during site indexing visits.
You can be a little more proactive than that. Aside from using a premium internet security suite, and visiting your own site regularly, you should also regularly check your website on the premium internet security sites! The following are those I have found to be accurate;
Of those, Sucuri.net provides the most detail, right down to the infected file and the type of infection. This allows you to go straight to the source of the problem and eliminate it.
Not checking, and so remaining unaware of an infection for an extended period, can result in your site being blacklisted by sites which monitor inappropriate activities such as malware, phishing, virus distribution etc.
Another good site is www.virustotal.com – click the “Scan a URL” option, then enter the website Domain Name to be checked. VirusTotal will check your domain against almost 20 different databases and report on its status.
How To Minimise The Threat
Implement each WordPress upgrade as soon as it appears. This is extremely important and is the best way to prevent exploit attacks in the WordPress core. WordPress developers quickly remedy any newly-discovered issues, so an upgrade is the best defence against known security threats.
- Contact Form 7
- Contact Form 7 Calendar
Use a Design Theme that does actually have an upgrade process. Some developers of premium themes provide incremental upgrades and security patches. Those produced by Studiopress are amongst my favourites.
Cheap, nasty, old or free WordPress themes are an invitation to disaster. If your website has any value, add to it with a professionally written design theme…
How to Fix a Hacked WordPress Website
The first issue is accurately identifying the problem. Use www.sitecheck.sucuri.net/scanner/ to establish which directory and/or files are affected.
The second issue is to eliminate the problem immediately!
Elimination of Exploits
In the case of WordPress, the “upgrade” or “reinstall” provides an immediate elimination of compromised core WordPress files.
Plugins that are compromised are overwritten by an upgrade… Where no upgrade is available:
- delete the plugin directory
- go to WordPress.org/extend and download a fresh copy of the plugin
- unzip it onto your PC’s local drive
- use FTP to upload the plugin directory to ./wp-content/plugins/
Design Themes that are compromised are also overwritten by an upgrade. Alternatively, use an FTP program to delete the current Theme directory, and then upload a replacement copy. Note that if you’ve got any custom modifications to the theme files or the stylesheet, it’s a good idea to have a local copy of those edits!
Having cleaned up the offending file/directory, it’s useful to go through the site looking at date_modified dates…
Some exploits or hacks insert files; these will invariably be dated on the day the exploit or hack occurred. Look for any dates that stand out as being different to those of the recently uploaded WordPress / plugin files.
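The date check described above can be scripted instead of eyeballed over FTP. The following is an added example, not part of the original post; it assumes Python 3 and shell access on the host (or a copy of the site that preserves timestamps), and the function names and usage path are illustrative.

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone


def files_by_mdate(root):
    """Map every file under root to its last-modified date (UTC)."""
    dates = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                mtime = os.lstat(path).st_mtime
            except OSError:
                continue  # file vanished or is unreadable; skip it
            dates[path] = datetime.fromtimestamp(mtime, tz=timezone.utc).date()
    return dates


def date_outliers(root, expected=None):
    """Return (expected_dates, outliers).

    expected: the dates on which you uploaded fresh copies. If omitted,
    the single most common date in the tree is assumed to be the upload day.
    outliers: sorted (date, relative_path) pairs dated on any other day.
    """
    dates = files_by_mdate(root)
    if not dates:
        return set(), []
    if expected is None:
        expected = {Counter(dates.values()).most_common(1)[0][0]}
    outliers = sorted(
        (day, os.path.relpath(path, root))
        for path, day in dates.items()
        if day not in expected
    )
    return set(expected), outliers


if __name__ == "__main__":
    # Usage (hypothetical path): python3 mdate_check.py /path/to/site
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    expected, outliers = date_outliers(root)
    print("Upload date(s):", ", ".join(str(d) for d in sorted(expected)))
    for day, rel in outliers:
        print(f"{day}  {rel}")
```

Media uploads legitimately carry many different dates, so pass the known upload dates via `expected` or point the check at the core, plugin and theme directories. Modification times can also be reset by whoever wrote the file, so a clean result is one signal alongside the scanner report, not proof.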
If you’d rather not do this yourself, the Sucuri.net malware removal service is recommended. At $89.95 it also includes a full year of website monitoring!
After the cleanup is over, and scans on Sucuri.net report the site is now clean, you need to take steps to ensure that security is now as tight as it can be.
Change EVERY password for all areas of the site, including:
- WordPress Administrator account
- WordPress Database account (you will need to update wp-config.php)
- FTP & Admin Control Panel
- Email accounts
Don’t use recklessly simple passwords! Make sure EVERY password is at least 10 characters, preferably randomly generated with a mix of upper and lower case, numerals and punctuation… Use this site;
So what if you can’t remember a difficult password? There are products like Roboform password manager that can help you with that!
In most cases, directory/file permissions should be no looser than 755. However, hosting companies implement permissions in varied ways, and in some cases the only way to upload files to wp_upload is setting that directory at 777.
That’s a serious problem, as it’s offering free access to anyone with nefarious intent. If your hosting company can’t / won’t help you with sorting out permissions for your WordPress installation, change to another company!
WordPress have detailed information here: http://codex.wordpress.org/Changing_File_Permissions
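To see what on the site is currently looser than 755, the whole tree can be audited in one pass. This is an added example, not code from the original post or from WordPress; it assumes a POSIX host with Python 3, and the function name and usage path are illustrative.

```python
import os
import stat
import sys

MAX_MODE = 0o755  # the ceiling recommended in the text above


def loose_permissions(root, max_mode=MAX_MODE):
    """List entries under root whose permission bits exceed max_mode.

    Returns (octal_mode, relative_path, world_writable) tuples sorted by
    path. A mode is "looser" when it sets any bit that max_mode does not,
    e.g. 775 (group write) or 777 (group and world write).
    """
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        # os.walk yields every directory as dirpath, so check it as well.
        candidates = [dirpath] + [os.path.join(dirpath, f) for f in filenames]
        for path in candidates:
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable; skip it
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(st.st_mode) & 0o777
            if mode & ~max_mode:
                world_writable = bool(mode & stat.S_IWOTH)
                rel = os.path.relpath(path, root)
                findings.append((format(mode, "03o"), rel, world_writable))
    return sorted(findings, key=lambda item: item[1])


if __name__ == "__main__":
    # Usage (hypothetical path): python3 perm_audit.py /path/to/site
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for mode, rel, world in loose_permissions(root):
        flag = "WORLD-WRITABLE" if world else "looser than 755"
        print(f"{mode}  {flag:<16} {rel}")
```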
Remove Extra FTP Accounts
Some hackers like a way back in if their efforts are undone, so they add a sneaky FTP account… Some hosting accounts with Add-On Domains automatically create a new FTP account for each add-on domain that is installed…
To reduce the potential for future problems, remove all unused / unidentified FTP accounts.
Installing WP Security Software
For the non-technical site owner, there are plugins designed to ease the burden of security by managing it for you. See a list of WP Security tools here; wordpress.org/extend/plugins/search.php?q=security
The one I use and recommend is “Wordfence Security” because it has an intuitive interface, and locks the site down neatly and easily. It’s quite easy for a non-technical user to install and configure this plugin, with few opportunities to kill the site in the process.
Obviously, when all else fails and your website has turned to mush, there’s a great deal of comfort to be had from a comprehensive backup of your website… Make sure you have one!