If you don’t update all your scripts and secure WordPress, you may find your site gets hacked and injected with malware or malicious code of some sort.
If a hacker can gain access through one outdated script on one site they can access all your sites and databases on that server.
This is how you will normally find out:
What happens is that a hacker exploits vulnerable scripts which have known security issues before you update the plugin or theme.
They can then inject malware, and you could accidentally download a trojan or other malicious file to your local computer if you or a site visitor clicks a link on the infected site.
Another way in is through an outdated script: the attacker gains access to your server and adds malicious redirects to your .htaccess file, so your site redirects to a site distributing malware. This will cause the Google bot to report that your site is associated with malware.
I’ve recently found that an old blog which I don’t use very often has been infected, and I noticed the warning in Google Webmaster Tools. The most common entry point would have been an outdated script, as I haven’t updated any plugins or themes on that site for several months.
Note: The warning only displayed when using the Google or Firefox browsers or when viewing Google’s search results pages. It didn’t display using Internet Explorer or in the Bing SERPs.
Contact Your Host
I contacted my host to find out what to do and this is their response:
Malware on your account that you did not put there is indicative that an attacker has found and exploited a vulnerability in a script on your account. The server has not been compromised, just your account on the server.
This happens due to non-secure code or outdated installs of PHP/MySQL based scripts such as WordPress.
How do I update my scripts without logging into my dashboard from the front end?
You’d just do that through the files and cPanel directly. If you don’t have the knowledge as to how to fix the code yourself, you could always contact a website security company.
The best website security company I can recommend is http://wewatchyourwebsite.com
The programs that operate database-driven sites are vulnerable to hackers, who can (and do) exploit bugs in those programs to gain unauthorized access to your site. While our servers are exceptionally secure, your scripts may not be.
The best course of action is to always keep your scripts updated, your code clean, and your passwords secure. Here are some steps that can help you secure your site.
There are only two ways that an account can get infected:
- You are running an insecure script on your account that is used to break in.
- Your computer is infected and they have hacked into your account through your own computer, or by grabbing your password.
Securing your scripts and securing your PC are both your responsibility.
What Actually Happened
The hacker gained access to my server from an out of date plugin and this is the reply from my host:
It looks like your hosting account has been hacked. /home2/austrar2/public_html/da/.htaccess has malicious redirect code. You’ll want to review your files for additional malicious content. I’d also recommend this to you: .
Cannot Login To Hacked Site
You may find that you cannot log in to your WordPress dashboard, which was the case in my situation when using Google Chrome.
Your database will probably be infected with malware, so the only way to fix your site is to restore a backup which was taken before the hacking and malware injection.
Fixing Hacked Site
Rather than spend time trying to fix all the .htaccess files, I simply deleted the entire public_folder and all databases from my server and restored the full backups.
I did actually find that all my .htaccess files on that server had redirects in them to a Russian site.
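A way to check every .htaccess file in an account for redirects to outside hosts, as an added example that is not part of the original post. The host names `myblog.example` and `redirect-target.example` and both sample rule sets are constructed, and the check also covers `Redirect` and `ErrorDocument` directives, which goes beyond the case described above.

```python
import os
import re

# Apache directives that can send a visitor to another URL.
DIRECTIVE_RE = re.compile(
    r"^\s*(RewriteRule|Redirect(?:Match|Permanent|Temp)?|ErrorDocument)\s+(.*)$", re.I)
# Literal host of an absolute URL; server variables such as %{HTTP_HOST} do not match.
HOST_RE = re.compile(r"https?://([a-z0-9.-]+)", re.I)

def external_redirects(text, own_hosts):
    """Return (line_no, directive, host) for redirects to hosts you do not own."""
    own = {h.lower() for h in own_hosts}
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        m = DIRECTIVE_RE.match(line)  # comment lines start with '#', so never match
        if not m:
            continue
        for host in HOST_RE.findall(m.group(2)):
            host = host.lower().rstrip(".")
            if host not in own and not any(host.endswith("." + h) for h in own):
                hits.append((no, m.group(1), host))
    return hits

def scan_tree(root, own_hosts):
    """Check every .htaccess under root, since every folder can carry its own."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = external_redirects(fh.read(), own_hosts)
            if hits:
                report[path] = hits
    return report

# Constructed samples: a stock WordPress rule set and one with injected redirects.
CLEAN = """# BEGIN WordPress
RewriteEngine On
RewriteRule ^index\\.php$ - [L]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Redirect 301 /old https://www.myblog.example/new
# END WordPress
"""
INFECTED = CLEAN + """RewriteRule ^(.*)$ http://redirect-target.example/in.php [R=301,L]
ErrorDocument 404 http://redirect-target.example/404
"""

if __name__ == "__main__":
    print(external_redirects(INFECTED, ["myblog.example"]))
```

Run `scan_tree` against the account's web root with the list of domains you actually own; anything it reports is a line to read by hand before deciding whether to clean or restore.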
The restoration was very easy because I always take a full backup after adding new posts and store copies of them in multiple locations.
Some of the best locations to store a full backup are:
- Local computer
- External hard drive or memory stick
- Amazon S3
If you take a full backup after every new blog post and copy it to multiple external storage locations, you have nothing to worry about.
Local Computer Security
Make sure you are using antivirus software if you store your full backup on your local computer. If you don’t have antivirus installed, here’s a link to a free download of Microsoft Security Essentials for Windows users.
What happens if you don’t store a full backup offsite?
Here’s a real life example of what happened to 4800 hacked websites lost with no chance of recovery!
Restoring WordPress Backup
I use the best backup & restore plugin for WordPress, BackupBuddy, which has come in very handy for restoring backups and moving to a new server, host or domain as well.
Most hosts only provide nightly backups, which could also be affected, so they would be useless. Taking your own nightly backups and storing them away from your server in a secure location is the best way to ensure you have full backups which don’t contain malware.
Here is a security checklist that you can review which can greatly help secure your account sites:
1. Change the Admin Email on your account.
2. Change the Password on your account.
3. Change the Credit Card on file on your account.
4. Update and apply any patches, upgrades, or updates that the 3rd party vendor or web developer of your scripts may have available.
5. Fix any loose file permissions (this may be the most common exploit vulnerability)
6. Delete all non-system FTP Accounts that were created, or at the very least, change the passwords to the FTP Accounts.
7. Remove any Access Hosts by clicking the “Remote MySQL” icon and clicking the Remove Red X by each entry if there are any entries.
8. Check your scripts for any Header Injection attacks, SQL Injection attacks, Cross-Site Scripting attacks, etc., as well as your php.ini file settings.
9. Check your home/work computers for any viruses, trojans, or keyloggers.
WordPress Security Plugins
There are a few WordPress plugins which have been created to secure WordPress and prevent hackers gaining access to your files and databases.
I have already reported on Bitly and how they blacklist legitimate links before they even test them, so be careful using a link shortener for tracking.
If you have links in your comments or anywhere on your site and the linked site distributes malware or has been reported, you can get blacklisted by Google & Firefox as well.
I never thought this would happen to me, but it can happen to anybody, and finding the malware could be a nightmare, which you would have to do if you don’t have a full backup stored locally which is unaffected.