Sitelock and anti malware by hackers on wordpress
-
Dealing with my first client that had hacker situations on her wordpress... and she just got into sitelock. I am curious what everyones thoughts are and what other plug ins you suggest. I have used and suggested things like wordfence, bulletproof security, wordpress security, things like that. I just don't want her to get into a scam and I don't know enough about it.
-
Well isn't big deal at all. You need to:
- investigate error 500. Usual this is part of "door knocking". You should see who and what is going to do just for error 500. Watchout for /wp-content where themes and plugins are. Also /wp-admin and /wp-include where WP core is.
- investigate 404 errors. This is part 2 of "door knocking". Often happens when vulnerability doesn't exist. Like timthumb or revSlider - someone still knocking on few days. (this was vulnerability that leave more than 100k sites with PHP execution)
- investigate strange redirects - 301, 302. IF site is working perfect you shouldn't see any redirects. But if you're WWW and someone link w/o WWW you can see redirect. Also WP comes with internal redirector for broken urls, can be typo mistakes. But more interesting are vulnerability so any strange activity can be easy seen.
- investigate strange traffic - can be POST or GET to /wp-content/plugins or /wp-content/themes PHP code. In perfect world only WP can call them. Or using WP-AJAX. Direct calling to code isn't recommended anymore.
- investigate bot traffic - like 2000 requests for 30 mins to wp-login.php This is one example - you can easy see them because one IP can do lot of requests.
- you need to check file structure - new/changed files can be warning that something was happened. I like GIT/Mercurial or SVN because they can check quick folders for changes. Bad news - you need SSH access and some dev skills. If you don't have SSH then you can download whole site and compare it with original copy. I can recommend WinMerge (free and open source) tool for comparing files/folders in Windows. If you're on Mac just as me you can use FileDiff (free) or Kaleidoskope (paid tool, trial available). There is also paid multi platform tools as Beyond Compare, Araxis Merge, Delta Walker and few more.
- you need to make HTTP password to sensitive portions of WP. Also you must do some hardening of WordPress installation. This is covered in Codex here. For example try to login on mine site: http://www.mobiliodevelopment.com/wp-admin/ Good luck!
- you can implement additional security in .htaccess like 5G firewall here. Or you can implement WAF (web application framework) like modsecurity.
I think that i cover most of mine daily routine inspections. Look scary but when you get experience will took less than 5 minutes per site.
-
That is great advice! That helps! Where and how can I investigate the web attacks? Esp through wordpress. It is out of my expertize. I can try via IP ... but IP can be bounced around with different towers. Or I could contact the server.
-
I have talk about WordPress security before month ago in WordPress Bulgaria 2015.
So very short - if you have update to latest versions of core, plugins and themes and they're stable you don't have anything to worry about.
The problem is when some of them comes with non well checked code - most plugins or themes. This mean that if there is some vulnerability you can be infected over and over. Same can happen if you download from illegal sites plugin/theme with some added code as vulnerability. Don't think that "this won't happen on me" because this is one of most frequently way to distribute malware to users.
All that security layers add extra PHP code that need to be executed and slow down site. They also bring issues to some users. I never forget when few months ago ping in Twitter some site that i can reach their site from Bulgaria. Yes - due settings in their "security" plugin.
That's why you need few ways:
- you need to use only plugins/themes from original author. If they're on WordPress.org then this is preferred. This doesn't mean that they can't have some vulnerability, but you just minimize chance
- you need to update them regular
- you need to use only proven plugins/themes in your practice. I believe that plugins with 100k installs is tested than plugin with 10 installs
- you always should keep backup of site and it's database local on your computer. In hacked site case - you just need to restore from backup for 5-10 mins
- keep backups on regular basis - can be plugin or manually. There you can diff backups for changes very quick
- you need some skills to investigate web attacks using checking web server log files. I do this on daily basis for mine most important sites. If some IPs or user agents doesn't follow rules - deny their access
- in case of hack - keep archive of hacked site and then recover. One of huge mistake more novices make is to trying to clean site. Most of malwares keep somewhere in WP "dead hand" and they're back later. Experts (like me) need lot of time to find and disabled them. With backups - this is piece of cake
- If you follow this but keep hacked... then think out of box - maybe plugin have unknown vulnerability or theme. Sometime other sites/scripts working on same hosting account can infect you. I have even seen infected whole hosting company on server level. Then you need expert assistance. You can find this in WP forum and/or in your hosting provider.
- Some hosting providers provide extra service as - WordPress hosting. This is often high-speed solution with added extra level of security on server level. I can recommend SiteGround, WPEngine or nestify.io
List is really long and boring. But if you follow all these rules - you don't need "security" plugin. It's critical for you to know what's happen in WP and when this is happening. I often can see people that doesn't know that they're infected but they doesn't have backups or archives. This make mine job longer and expensive.
PS: I know that checking site on daily basis sound little bit scary. But take me maximum 5 minutes per site for day.
-
Along with BulletProof, Wordfence is one of the highest rated, and most used security plugins for WordPress.
However her hacking issue was likely the cause of a security vulnerability in one of her WordPress plugins. We often see this with clients that do not update their plugins, or have plugins that haven't had updates in ages. Some plugins are created as a front solely to steal data or have another security vulnerability.
One of the best ways to combat this is to #1. Make sure you update your plugins regularly and #2. Only download plugins that are highly rated and are updated regularly.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Best Wordpress theme for blogging
Hi all, What is the best Wordpress theme for a professional DM blog? I am looking for something minimalistic where I can add my personal profile and have articles nicely listed, potentially grouped within categories. Any ideas? Thanks. Katarina
Content Development | | Katarina-Borovska3 -
If my blog is on Wordpress, and I've installed the AMP plug-in, what do I need to do to get Google to start indexing all my posts as AMP pages?
If I add /amp to the end of any of my posts, I can see that the plug-in is working. It's been months since I installed it, though, and Google hasn't indexed any of the AMP pages. Am I missing a step?
Content Development | | DeanRamadan0 -
Is there a way to set up a wordpress site so that the content is changed based on a location?
I have a site I am building that has information that shifts based on weather conditions and location. Is there a way to have information sort based on a users geographic location? I am trying to figure out the best way to do this.
Content Development | | Ron_McCabe0 -
How do I properly sitemap a site with static pages + Wordpress in it's own directory?
I apologize for the awkward wording in the headline. No to the issue, I have a site with static pages that are created as follows: url.com, url.com/page1, url.com/page2, etc. I then have WordPress install at url.com/blog. What is the proper method for creating a comprehensive sitemap for my entire domain. I like the sitemap feature provided by Yoast SEO plugin but I assume it will only index the wordpress directory (url.com/blog). Any help would be greatly appreciated!
Content Development | | Qcmny0 -
Wordpress Security and Alternatives
No matter how secure we try to make our wordpress blogs they still got hacked. We recently got hacked(server level hacking, javascript insertion that took our server down, through the askimet plugin), anyway there was nothing really showing in the front end, no inserted links and nothing suspicious looking code. Oh well we are changing the passwords now and going through and deleting the javascript. The problem im facing is that i am handling over 100 blogs, so its very time consuming to do this. I know that once or twice a year everyone goes through a wordpress crisis but we really cant afford nor have the resources to fix it all the time. Are there any alternatives to wordpress blogs(as good as wordpress). Wordpress has been showing good results so far so it works as far as SEO goes, but we are trying to figure out what to do in order to not get hacked. Besides alternatives id like to know if there are any work arrounds to not get hacked with little maintenance needed. Any tips?
Content Development | | CMTM0 -
Wordpress Canonical
I installed All in One SEO Pack widget, as recommended by SEOmoz a while back, and my Notices for this are higher. To fix the Connicalization issues with my Blog, on WP, but it keeps adding the page name in the URL, as displayed <meta name="description" content="Get more information from Gary!(602) 386-4415 or [email protected] Also known as Web 2.0, social media sites like Twitter and Facebook are the advertising" /> <link rel="canonical" href="[http://www.cisaz.com/blog/cisaz-social-network-solutions/](view-source:http://www.cisaz.com/blog/cisaz-social-network-solutions/)" /> Any advise?
Content Development | | smstv0 -
WordPress Rankings ?
It looks for me that WordPress sites get to rank better for some reason ... I dont know wil you will agree with this one with me or not. The question is... do they hold their rankings for the certain keyword with a time? or they lose them as fast as they get them? Shouldn't be content rank the same across all platforms? Content is a content and it dosent matter how it's presented? is it the case with google? For example: Create Wordpress site for only 3 products, provide good content for those 3 products... and sell them with some of shopping cart plugins (any recommendations on the plugin?) Will I get rankings faster and keep them?
Content Development | | DiamondJewelryEmpire0 -
Duplicate Content on WordPress Blogs?
We are getting ready to add a WordPress blog to our established website. Our plans are to place it in a subfolder on our website to maximize rank. My question is...Do we need to utilize a Meta Robots WordPress plugin by Yoast or similar so that noindex,follow robots meta tags will prevent search engine indexing of search result pages, subpages and category archives? We want to avoid the dreaded Duplicate Content Error and penalty. Any other great SEO WordPress plugins? Thank you for your time. Brian
Content Development | | gw3seo0
