Category Archives: Malware

  • 0
We fix compromised WordPress websites

Help with a compromised WordPress website

Tags : 

One of the many calls we get is for help with a compromised WordPress website. Even though WordPress is a very secure content management system, many website owners tend not to be pro-active in taking the security of the site to the next level. First and foremost, by not using Admin as your main username, or using a less-than secure password. If you use your password for more than one login, it is not secure (that statement is a discussion we will be posting shortly.)

The next step in pro-active security is the ability to scan your site for issues, holes and viruses. One plugin that we install on all our client sites is GOTMLS Anti-Malware. GOTMLS Anti-Malware is a WordPress plugin that can be used to scan and remove viruses, threats and other malicious things that may be present in your WordPress website. Some of its important features include a customized scan, complete scan, quick scan, automatic removal of known threats, among many others. You can register the plugin for free at GOTMLS. If you are not into “phone home” scripts, avoid this plugin, as it uses the “phone home” feature to check for updates. [Get it here]

The GOTMLS Anti-Malware plugin can now scan your WordPress Core files and compare them with the installation source code available from wordpress.org. This new integrity check could be very helpful for finding new threats hidden in WP Core file. There may be lots reasons, other than malicious threats, for Core files to differ from the original source, so this is an optional fix that requires you to check the box next to each file you want to restore. If a “Known Threat” is found in these files it will still come up as an automatic fix, but if not, you can now optionally revert any of these modified Core files to the original code.

How did I get hacked in the first place?
First, don’t take the attack personally. Lots of hackers routinely run automated scripts that crawl the internet looking for easy targets. Your site probably got hacked because you are, unknowingly, an easy target. This might be because you are running an older version of WordPress, or have installed a Plugin or Theme with a backdoor or known security vulnerability. However, the most common type of infection I see is cross-contamination. This can happen when your site is on a shared server with other exploitable sites that got infected. In most shared hosting environments, it’s possible for hackers to use one infected site to infect other sites on the same server, sometimes even if the sites are on different accounts.

How can I stop this from happening again?
There is no sure way to protect your site from every kind of hack attempt. That said, don’t be an easy target. Some basic security steps should include: hardening your password, keeping all your sites up-to-date, and running regular scans with Anti-Malware software – like GOTMLS.NET

Why should I register the GOTMLS Anti-Malware WordPress plugin?
First, it’s only a donation to the programmer of $29, and if you register on GOTMLS.NET you will have access to download definitions of New Threats and added features – like automatic removal of “Known Threats,” and patches for specific security issues (like old versions of timthumb and brute-force attacks on wp-login.php.) Otherwise, as this plugin only scans for “Potential Threats” on your site, it would then be up to you to identify the good from the bad, and remove them accordingly (or hire someone like Westgate WEBS to take care of it for you!)

Would you like us to install the GOTMLS Anti-Malware WordPress plugin for you, configure it and run your first scan?  We would be glad to! [Click Here]